On Fri, 2003-11-07 at 00:21, Tom Collins wrote:
> >  Narrowing the possible scope for each letter to 64 from some larger 
> > group but increasing the entropy that goes into selecting each 
> > character seems like a good idea to me.
> Remember that we're only selecting 8 random characters -- that's about 
> 40-bits of random numbers.  No one has shown that the current method 
> results in a limited set of possible passwords.  I'm not arguing 
> against using /dev/[u]random, I'm just saying that it's possible to 
> over-engineer a random password generator...

Let's calculate some randomness :)

(8 characters from a 128 letter pool: 56 bits)
8 characters from a 80 letter pool: 50 bits
8 characters from a 64 letter pool: 48 bits

I'll say it's an acceptable loss eliminating those letters that can
easily be confused...

> Making use of /dev/urandom and/or /dev/random will be high on our 
> priority list for the 5.5 development series.

You wan't patches? That would be a nice project for little me...


Reply via email to