As I understand it I would have to double the length of a hashed password for it to be as secure as an un-hashed one, as each pair of characters represent one byte. Aye?
-Modulok- On 8/4/09, RW <rwmailli...@googlemail.com> wrote: > On Mon, 3 Aug 2009 22:20:50 -0800 > Mel Flynn <mel.flynn+fbsd.questi...@mailing.thruhere.net> wrote: > >> On Monday 03 August 2009 18:28:52 Modulok wrote: >> >> > I wrote a python script which uses /dev/random, and hashes the >> > output with sha256. I then truncate the output to the desired >> > length. Blasphemy! According to the superstitious password crowd my >> > passwords are not very secure ... maybe. >> >> They aren't, because you reduce the random to a much less random, >> *because* you are hashing. > > Not in FreeBSD, it's a 256bit PRNG and a 256 bit hash. > _______________________________________________ > firstname.lastname@example.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"