On 30 October 2011 15:38, Neil Harris <[email protected]> wrote:
> However, this is way, way, way lower risk than the current risk of
> brute-forcing low-hanging-fruit user passwords: for every user with a
> password generated by base64-encoding the output of /dev/random, there
> will be _thousands_ with passwords like "secret99" and "trustno1".

A password from /dev/random is extremely insecure. It is highly
susceptible to the "find where they wrote it down because it's far too
difficult to remember" attack.

Obligatory xkcd link: http://xkcd.com/936/

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
