From: RW
To: freebsd-questions@freebsd.org
Date: Tue, 4 Aug 2009 17:34:31 +0100
Subject: Re: Secure password generation...blasphemy!

On Mon, 3 Aug 2009 20:28:52 -0600
Modulok wrote:

> However, wouldn't hashing bytes from /dev/random be quite secure? The
> hash function would cover any readily apparent patterns, if they were
> found to exist.

That's fine, the only issue is that hex digits lead to long passwords for a given strength.

Most password generators are OK, provided that they ultimately derive a sufficiently strong seed from /dev/random and don't do anything stupid, this includes things like jot, which uses the arc4random library.

The main problem is that there are still a few generators around, IIRC sysutils/pwgen is one, that still seed from the time and the pid, so I wouldn't use a generator unless I'd seen the source.
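
Added example, not part of RW's message and not code from any tool named in the thread: a Python sketch of the two points above, namely how alphabet size sets password length for a target strength, and why a time-and-pid seed caps strength however long the password is. The function names, the XOR seed mix, the one-day time window and the pid ceiling of 99999 are assumptions made for illustration.

```python
import math
import random
import secrets
import string

HEX = "0123456789abcdef"                         # 16 symbols, 4 bits each
ALNUM = string.ascii_letters + string.digits     # 62 symbols
PRINTABLE = ALNUM + string.punctuation           # 94 symbols

def length_for_bits(bits, alphabet):
    """Characters needed for a uniformly random password of >= bits entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))

def generate(bits, alphabet):
    """Draw from the OS CSPRNG; secrets.choice avoids modulo bias."""
    n = length_for_bits(bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))

def weak_generate(length, alphabet, now, pid):
    """Flawed pattern: a PRNG seeded only from time and pid.
    The XOR mix is a constructed stand-in, not any real tool's code."""
    rng = random.Random(now ^ pid)
    return "".join(rng.choice(alphabet) for _ in range(length))

def effective_bits(length, alphabet, window_seconds, pid_max=99999):
    """Upper bound on strength with a (time, pid) seed: the output can
    never carry more entropy than the seed space that produced it.
    window_seconds and pid_max are assumed values for the estimate."""
    seed_bits = math.log2(window_seconds * pid_max)
    return min(seed_bits, length * math.log2(len(alphabet)))

if __name__ == "__main__":
    for name, alpha in (("hex", HEX), ("alnum", ALNUM), ("printable", PRINTABLE)):
        print(f"{name:9s} needs {length_for_bits(128, alpha):2d} chars for 128 bits")
    print("CSPRNG sample:", generate(128, ALNUM))
    # Same second, same pid: the "random" password repeats exactly.
    a = weak_generate(20, PRINTABLE, now=1249403671, pid=4242)
    b = weak_generate(20, PRINTABLE, now=1249403671, pid=4242)
    print("time+pid seed repeats:", a == b)
    print("effective bits, 20 printable chars, 1-day window:",
          round(effective_bits(20, PRINTABLE, 86400), 1))
```
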