Kirk Strauser wrote:
> On Monday 08 January 2007 5:26 am, Ivan Voras wrote:
> 
>> Here's an idea:
>>
>> $ head -c 64 /dev/random | md5 | head -c 10
> 
> Hugely bad idea.  Since md5 outputs hex, you're only getting 4 bits of 
> entropy per character.  

Yes, with 10 characters that's 5 bytes of practically pure random data,
i.e. 40 bits. You're somewhat right: I don't know about pwgen but
usually such utilities generate passwords from a set that looks like
[0-9a-zA-Z-,], i.e. 6 bits per character. For a password of 8
characters, that's 48 bits, so 8 bits stronger than 10 hexadecimal
characters. For equal entropy, 12 hex characters should be used.

But hex characters are easier to remember :)


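The entropy arithmetic from this exchange as an added shell example, not part of the original messages: it computes bits for a given alphabet size and length, finds the length needed to reach a target, and draws characters uniformly without the md5 step. The function names are hypothetical, and the use of `/dev/urandom`, `tr -dc` and `head -c` is an assumption about the system.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# entropy_bits ALPHABET_SIZE LENGTH
# Bits of entropy when every character is drawn uniformly and independently.
entropy_bits() {
    awk -v n="$1" -v len="$2" 'BEGIN { printf "%.0f\n", len * log(n) / log(2) }'
}

# chars_needed ALPHABET_SIZE TARGET_BITS
# Smallest length whose entropy reaches TARGET_BITS.
chars_needed() {
    awk -v n="$1" -v bits="$2" 'BEGIN {
        per = log(n) / log(2)          # bits per character
        len = int(bits / per)
        if (len * per < bits - 1e-9) len++
        print len
    }'
}

# gen_password LENGTH CHARSET   (CHARSET in tr syntax)
# tr -dc drops every byte outside CHARSET, so the bytes that remain are
# still uniform over the set (rejection sampling, no modulo bias).
# Assumes /dev/urandom exists and head supports -c.
gen_password() {
    LC_ALL=C tr -dc "$2" < /dev/urandom | head -c "$1"
}

# The figures discussed in the thread:
echo "10 hex chars:            $(entropy_bits 16 10) bits"
echo "8 chars of [0-9a-zA-Z-,]: $(entropy_bits 64 8) bits"
echo "hex chars for 48 bits:   $(chars_needed 16 48)"

# One password of each kind at equal entropy (48 bits):
gen_password 12 '0-9a-f'; echo
gen_password 8 'A-Za-z0-9,-'; echo
```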