Secure password generation...blasphemy!
rwmaillists at googlemail.com
Tue Aug 4 16:39:43 UTC 2009
On Mon, 3 Aug 2009 22:20:50 -0800
Mel Flynn <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
> On Monday 03 August 2009 18:28:52 Modulok wrote:
> > I wrote a python script which uses /dev/random, and hashes the
> > output with sha256. I then truncate the output to the desired
> > length. Blasphemy! According to the superstitious password crowd my
> > passwords are not very secure ... maybe.
> They aren't, because you reduce the random to a much less random,
> *because* you are hashing.
Not in FreeBSD, it's a 256bit PRNG and a 256 bit hash.
More information about the freebsd-questions