On Sun, Dec 18, 2016 at 12:40 AM, Antoine Beaupré <[email protected]> wrote:
>> I like the idea of using /dev/urandom directly, but piping it into
>> base64 is a terrible idea.
>
> why is it a terrible idea? can you be more specific?

Because sites have password length requirements, not password entropy requirements. Base64 has a minimal character set. The goal should be to jam as much entropy as possible in the space provided. Base64 entirely fails at this. It's also completely unnecessary, considering much better techniques for reducing character sets. I prefer the tried-and-true, "pick and discard" technique, in which you pick bytes out of /dev/urandom until you get one that matches your desired character set.

Jason
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
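
The "pick and discard" technique described in the message above, as an added example that is not part of the original thread or of pass itself: bytes from /dev/urandom are kept only when they fall in the desired character set, and a helper compares the entropy of a fixed-length password over the base64 alphabet with one over all 94 printable ASCII symbols. The function names, the two character sets and the 16-character length are assumptions chosen for illustration.

```python
import math
import string

# Character sets constructed for the comparison (assumptions, not from the thread).
BASE64_CHARSET = string.ascii_letters + string.digits + "+/"                    # 64 symbols
PRINTABLE_CHARSET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def urandom_bytes(path="/dev/urandom", chunk=64):
    """Yield byte values (0-255) read from the kernel random device."""
    with open(path, "rb") as dev:
        while True:
            yield from dev.read(chunk)


def pick_and_discard(length, charset, source=None):
    """Build a password by keeping only bytes that are members of charset.

    A byte is either accepted unchanged or thrown away; it is never folded
    into range with a modulo, so every allowed character stays equally likely.
    charset must be ASCII. source is any iterable of byte values and defaults
    to /dev/urandom.
    """
    allowed = set(charset.encode("ascii"))
    if length < 1 or not allowed:
        raise ValueError("need a positive length and a non-empty charset")
    source = urandom_bytes() if source is None else iter(source)
    picked = bytearray()
    for byte in source:
        if byte in allowed:
            picked.append(byte)
            if len(picked) == length:
                return picked.decode("ascii")
    raise RuntimeError("byte source exhausted before the password was complete")


def entropy_bits(length, charset):
    """Entropy in bits of a uniformly chosen password of the given length."""
    return length * math.log2(len(set(charset)))


if __name__ == "__main__":
    for name, cs in (("base64", BASE64_CHARSET), ("printable", PRINTABLE_CHARSET)):
        print(name, pick_and_discard(16, cs), round(entropy_bits(16, cs), 1), "bits")
```

At the same 16-character length the base64 alphabet gives 96 bits and the 94-symbol set about 104.9 bits, which is the gap the message refers to when a site caps length rather than entropy.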
