Thank you all for your answers! They make sense, although some dabble into theoretical corner cases with minuscule likelihoods (but non-zero likelihood nonetheless)...

On Thu, May 04, 2017 at 03:16:31PM +0200, Jason A. Donenfeld wrote:
> There is a non-zero probability that a RNG will output the complete
> works of Shakespeare.

Haha true, and reminded me of the olde monkeys-and-typewriter idea: https://www.youtube.com/watch?v=no_elVGGgW8

On Thu, May 04, 2017 at 04:28:14PM +0000, Matan Nassau wrote:
> When you reject a random password, you introduce a bias. When you
> select based on your idea of what's random, it's akin to selecting
> based on anything else. It defeats the security purpose of an RNG. So
> one ought to be careful with this.

Here I would agree with Tharre: the bias is somewhat equal to an attacker guessing a random dictionary password. Intuitively, at least; so personally I'd rather generate a new password than use a random Shakespearean plain-word password just because it's "truly" random.

Cheers,
Jens

--
Jens Tröger
http://savage.light-speed.de/
