On Mon, 3 Aug 2009 20:28:52 -0600
Modulok <modu...@gmail.com> wrote:
> However, wouldn't hashing bytes from /dev/random be quite secure? The
> hash function would cover any readily apparent patterns, if they were
> found to existed.
That's fine, the only issue is that hex digits lead to long passwords
for a given stength.
Most password generators are OK, provided that they ultimately
derive a sufficiently strong seed from /dev/random and don't do
anything stupid, this includes things like jot, which uses the
The main problem is that there are still a few generators around, IIRC
sysutils/pwgen is one, that still seed from the time and the pid, so I
wouldn't use a generator unless I'd seen the source.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"