On Monday 03 August 2009 18:28:52 Modulok wrote:

> I wrote a python script which uses /dev/random, and hashes the output
> with sha256. I then truncate the output to the desired length.
> Blasphemy! According to the superstitious password crowd my passwords
> are not very secure ... maybe.

They aren't, because you reduce the random to a much less random, *because* 
you are hashing.
You're much better off using ctype to determine if the byte you got is 
typeable on a keyboard and, if not, getting the next byte. Or use an array of 
allowed characters and read the rands as integers modulus the size of the 

But as others have stated, you're reinventing the wheel, and even FreeBSD's 
adduser(8) can generate random passwords that are suitable for most uses. You 
should really answer Kurt's questions to determine how secure they should be.

As far as Pseudo generators go, they will generate the same sequence for the 
same seed, so if the seed is guessable by an attacker, you should not use 
freebsd-questions@freebsd.org mailing list
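The two approaches suggested in the reply above, sketched as an added example that is not part of the original message. The byte source (os.urandom), the 94-character alphabet and all function names are assumptions. The index variant goes one step beyond the reply: it discards bytes above the largest multiple of the alphabet size, so the modulus does not favour some characters.

```python
import os
import string

# Assumed alphabet: the 94 printable, non-space ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def password_by_filter(length, read=os.urandom):
    """First suggestion: keep a random byte only if it is typeable."""
    out = []
    while len(out) < length:
        for b in read(64):
            # Same range as C's isgraph(): 0x21..0x7e
            if 0x21 <= b <= 0x7E and len(out) < length:
                out.append(chr(b))
    return "".join(out)


def password_by_index(length, alphabet=ALPHABET, read=os.urandom):
    """Second suggestion: random byte modulo the size of the allowed array.

    Bytes at or above `limit` are skipped so that every character is
    produced by the same number of byte values.
    """
    n = len(alphabet)
    if not 0 < n <= 256:
        raise ValueError("alphabet must have 1..256 characters")
    limit = 256 - (256 % n)  # largest multiple of n not exceeding 256
    out = []
    while len(out) < length:
        for b in read(64):
            if b < limit and len(out) < length:
                out.append(alphabet[b % n])
    return "".join(out)


def modulo_counts(n):
    """How many of the 256 byte values land on each index under plain b % n."""
    counts = [0] * n
    for b in range(256):
        counts[b % n] += 1
    return counts


if __name__ == "__main__":
    print(password_by_filter(16))
    print(password_by_index(16))
    print(modulo_counts(len(ALPHABET)))  # uneven counts = bias without rejection
```

The `read` parameter exists only so a fixed byte string can be substituted when checking the selection logic.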