Hi there,

On Fri, 2003-11-07 at 00:21, Tom Collins wrote:
> > Narrowing the possible scope for each letter to 64 from some larger
> > group but increasing the entropy that goes into selecting each
> > character seems like a good idea to me.
> Remember that we're only selecting 8 random characters -- that's about
> 40-bits of random numbers. No one has shown that the current method
> results in a limited set of possible passwords. I'm not arguing
> against using /dev/[u]random, I'm just saying that it's possible to
> over-engineer a random password generator...

Let's calculate some randomness :)

(8 characters from a 128 letter pool: 56 bits)
8 characters from an 80 letter pool: 50 bits
8 characters from a 64 letter pool: 48 bits

I'll say it's an acceptable loss eliminating those letters that can easily be confused...

> Making use of /dev/urandom and/or /dev/random will be high on our
> priority list for the 5.5 development series.

You want patches? That would be a nice project for little me...

/Anders
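
An added example, not part of the original message or of the project's code: a C sketch of the generator discussed in this thread, drawing 8 characters from a 64-character pool using /dev/urandom and reproducing the bit counts above. The pool contents and the names `POOL64`, `entropy_bits` and `gen_password` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed 64-character pool (an assumption): letters and digits with the
   easily confused l, I, O, 0 and 1 removed, plus seven symbols. */
static const char POOL64[] =
    "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789-_+=.:/";

/* floor(log2(pool_size^len)): whole bits of entropy of a uniformly chosen
   password. Only valid while pool_size^len fits in 64 bits. */
unsigned entropy_bits(unsigned pool_size, unsigned len)
{
    uint64_t n = 1;
    unsigned bits = 0;
    while (len--) n *= pool_size;
    while (n >>= 1) bits++;
    return bits;
}

/* Fill out[0..len-1] with characters drawn uniformly from pool, using bytes
   from /dev/urandom, and NUL-terminate. Returns 0 on success, -1 on error.
   Bytes at or above the largest multiple of the pool size are rejected so
   that pools which do not divide 256 (e.g. 80) get no modulo bias. */
int gen_password(const char *pool, char *out, size_t len)
{
    size_t n = strlen(pool), i = 0;
    unsigned limit;
    unsigned char b;
    FILE *f;

    if (n == 0 || n > 256) return -1;
    limit = 256 - (unsigned)(256 % n);
    if ((f = fopen("/dev/urandom", "rb")) == NULL) return -1;
    while (i < len) {
        if (fread(&b, 1, 1, f) != 1) { fclose(f); return -1; }
        if (b < limit) out[i++] = pool[b % n];
    }
    out[len] = '\0';
    fclose(f);
    return 0;
}

int main(void)
{
    char pw[9];
    if (gen_password(POOL64, pw, 8) != 0) return 1;
    printf("%s (%u bits)\n", pw, entropy_bits(64, 8));
    return 0;
}
```

With a 64-character pool every byte is accepted, because 64 divides 256 evenly; an 80-character pool would reject bytes 240 to 255.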