Date: Tue, 4 Aug 2009 10:42:22 -0600
From: Modulok <modulok@gmail.com>
To: RW <rwmaillists@googlemail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Secure password generation...blasphemy!
Message-ID: <64c038660908040942t6f7934detdeb7b138623eb884@mail.gmail.com>
In-Reply-To: <20090804173939.598a224f@gumby.homeunix.com>
References: <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com> <200908032220.50964.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <20090804173939.598a224f@gumby.homeunix.com>

As I understand it I would have to double the length of a hashed
password for it to be as secure as an un-hashed one, as each pair of
characters represents one byte. Aye?
-Modulok-

On 8/4/09, RW <rwmaillists@googlemail.com> wrote:
> On Mon, 3 Aug 2009 22:20:50 -0800
> Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net> wrote:
>
>> On Monday 03 August 2009 18:28:52 Modulok wrote:
>>
>> > I wrote a python script which uses /dev/random, and hashes the
>> > output with sha256. I then truncate the output to the desired
>> > length. Blasphemy! According to the superstitious password crowd my
>> > passwords are not very secure ... maybe.
>>
>> They aren't, because you reduce the random to a much less random,
>> *because* you are hashing.
>
> Not in FreeBSD, it's a 256bit PRNG and a 256 bit hash.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
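
Added example, not part of the original thread: a Python sketch of the scheme discussed above (random bytes hashed with SHA-256, hex digest truncated) next to direct uniform selection from a 94-symbol printable alphabet, with the entropy arithmetic behind the length question, treating the digest as uniform. os.urandom stands in for reading /dev/random, and every function name here is an assumption of this example.

```python
import hashlib
import math
import os
import string

HEX_ALPHABET = "0123456789abcdef"                                       # 4 bits per character
PRINTABLE = string.ascii_letters + string.digits + string.punctuation   # 94 symbols

def hashed_password(length, rand=os.urandom):
    """Scheme from the thread: random bytes -> SHA-256 -> truncated hex digest."""
    if not 1 <= length <= 64:
        raise ValueError("a SHA-256 hex digest has only 64 characters (256 bits)")
    return hashlib.sha256(rand(32)).hexdigest()[:length]

def direct_password(length, alphabet=PRINTABLE, rand=os.urandom):
    """Draw each character uniformly; rejection sampling avoids modulo bias."""
    n = len(alphabet)
    if not 1 <= n <= 256:
        raise ValueError("alphabet must have between 1 and 256 symbols")
    limit = 256 - (256 % n)          # largest multiple of n that fits in a byte
    out = []
    while len(out) < length:
        for b in rand(length):
            if b < limit and len(out) < length:
                out.append(alphabet[b % n])
    return "".join(out)

def entropy_bits(length, alphabet_size):
    """Entropy of `length` independent, uniform symbols from the alphabet."""
    return length * math.log2(alphabet_size)

def hex_length_for(length, alphabet_size):
    """Hex characters needed to match `length` symbols of another alphabet."""
    return math.ceil(entropy_bits(length, alphabet_size) / 4)

if __name__ == "__main__":
    print(hashed_password(16), entropy_bits(16, 16))               # 64.0 bits
    print(direct_password(16), round(entropy_bits(16, 94), 1))     # 104.9 bits
    print(hex_length_for(8, 256))   # vs. 8 raw bytes: 16, i.e. double
    print(hex_length_for(8, 94))    # vs. 8 printable characters: 14
```

The factor of two holds against raw bytes; against a 94-symbol printable alphabet the ratio is about 1.64, and no truncation of a SHA-256 hex digest can exceed 64 characters (256 bits).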