Secure password generation...blasphemy!
Modulok
modulok at gmail.com
Tue Aug 4 16:42:25 UTC 2009
As I understand it I would have to double the length of a hashed
password for it to be as secure as an un-hashed one, as each pair of
characters represent one byte. Aye?
-Modulok-
On 8/4/09, RW <rwmaillists at googlemail.com> wrote:
> On Mon, 3 Aug 2009 22:20:50 -0800
> Mel Flynn <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
>
>> On Monday 03 August 2009 18:28:52 Modulok wrote:
>>
>> > I wrote a python script which uses /dev/random, and hashes the
>> > output with sha256. I then truncate the output to the desired
>> > length. Blasphemy! According to the superstitious password crowd my
>> > passwords are not very secure ... maybe.
>>
>> They aren't, because you reduce the random to a much less random,
>> *because* you are hashing.
>
> Not in FreeBSD, it's a 256bit PRNG and a 256 bit hash.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list