On Fri, 2003-11-07 at 00:21, Tom Collins wrote:
> > Narrowing the possible scope for each letter to 64 from some larger
> > group but increasing the entropy that goes into selecting each
> > character seems like a good idea to me.
> Remember that we're only selecting 8 random characters -- that's about
> 40-bits of random numbers. No one has shown that the current method
> results in a limited set of possible passwords. I'm not arguing
> against using /dev/[u]random, I'm just saying that it's possible to
> over-engineer a random password generator...
Let's calculate some randomness :)
(8 characters from a 128 letter pool: 56 bits)
8 characters from a 80 letter pool: 50 bits
8 characters from a 64 letter pool: 48 bits
I'll say it's an acceptable loss eliminating those letters that can
easily be confused...
> Making use of /dev/urandom and/or /dev/random will be high on our
> priority list for the 5.5 development series.
You wan't patches? That would be a nice project for little me...