passwdgen

Michal Moskal michal.moskal at gmail.com
Sat Aug 6 17:50:44 CEST 2005


On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> On Wednesday, 03 August 2005 13:06, maHo wrote:
> > Hello
> >
> > #v+
> > $ passwdgen -1p@ --min=4 --max=6
> > #v-
> >
> > and it hangs.
> >
> Because it uses /dev/random which is not very efficient (see strace). Would it
> be correct to use /dev/urandom? Does it contain the same amount of entropy or
> is it somehow simpler (and possibly less secure)?

It depends on how paranoid you are. If you believe NSA, FSB or some
other kind of highly intelligent aliens are going to reverse SHA-1, so
they can guess next password based on the previous one then you should
definitely use /dev/random. OTOH if you believe it you should also be
aware they could be controlling you from space using one of these 
satellites...

/dev/random makes sure it doesn't leak more entropy than it gets, so it
is impossible to guess anything without knowing the entropy (sic!). Which
isn't entropy anyway, so CIA/KGB/etc can intercept it.

-- 
   Michal Moskal,
   http://nemerle.org/~malekith/
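
The fix discussed in this thread, as an added example that is not part of the original message and not passwdgen's own code: read from /dev/urandom and map the bytes to a password with rejection sampling, so neither the length nor any character is skewed by the modulo. The alphabet and the function names are hypothetical; the 4 to 6 length range is taken from the command quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed alphabet for illustration; not passwdgen's character set. */
static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@";

/* Uniform value in [0, n), 1 <= n <= 256. Bytes at or above the largest
 * multiple of n are rejected, so the modulo favours no value. */
static int uniform_below(FILE *rng, unsigned n, unsigned *out)
{
    int c;
    if (n == 0 || n > 256)
        return -1;
    do {
        if ((c = fgetc(rng)) == EOF)
            return -1;
    } while ((unsigned)c >= 256 - 256 % n);
    *out = (unsigned)c % n;
    return 0;
}

/* Password of random length in [min, max]; returns its length or -1. */
int gen_password(char *buf, size_t buflen, unsigned min, unsigned max)
{
    unsigned len = 0, i, idx = 0, ok;
    FILE *rng;
    if (min == 0 || min > max || max - min >= 256 || max >= buflen)
        return -1;
    /* /dev/urandom does not block when the entropy estimate runs low. */
    if ((rng = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    setvbuf(rng, NULL, _IONBF, 0);  /* read only the bytes actually used */
    ok = uniform_below(rng, max - min + 1, &len) == 0;
    len += min;
    for (i = 0; ok && i < len; i++) {
        ok = uniform_below(rng, sizeof ALPHABET - 1, &idx) == 0;
        buf[i] = ALPHABET[idx];
    }
    buf[ok ? len : 0] = '\0';       /* leave an empty string on failure */
    fclose(rng);
    return ok ? (int)len : -1;
}

int main(void)
{
    char pw[7];
    return gen_password(pw, sizeof pw, 4, 6) < 0 || puts(pw) == EOF;
}
```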


