I can see you replied with the attitude of “I am smarter than you”, but
you just succeeded in showing your incompetence.
Your method gives at most 15.9 bits of entropy per word. 4 words give a lowly
63.6 bits.
DES, which has 56 bit keywords, was obsolete in 1998 because keys could be
recovered easily with exhaustive search. The EFF even built a machine to
crack DES using brute-force search. Your passwords are just 7.6 bits above a
system broken 2 decades ago. Maybe your method would have been a good
recommendation in 1960.
This is a textbook example of why you should NOT try to implement a
security-sensitive program (even a script is a program) when you have no idea
of what you are doing.
>They are certainly *much* easier to remember (and probably faster to type)
>than "pvQx697b88nfDJKv8LQ4Mg" (password your first command can output) and
>much stronger than "w5eJ".
Your reading still is as poor as your cryptography knowledge. I never
suggested using a 4-character key like “w5eJ”. I proposed this as a
method to memorize a longer password incrementally, and I suggested 96 bit
keys. There is a big difference.
>/dev/urandom providing only pseudo-randomness, there is a risk (although it
>should be OK) of a bug that would help the cracker.
No.
In Linux /dev/random (/drivers/char/random.c) the raw data from the entropy
sources are passed through the same mixing algorithm used for /dev/urandom.
Moreover, both devices use the same entropy sources.
>It returns the current number of seconds since January 1, 1970.
No, it doesn't, because of leap seconds.