WebApp Sec mailing list archives
Re: suggesting passwds to users
From: "SecurityFocus" <securityfocus () david hunter-family org>
Date: Wed, 20 Apr 2005 14:01:25 -0400 (EDT)
Computers may not be capable of generating truly random data without external inputs to use as a source of entropy, but it need not be user interaction. Radioactive decay, for instance, is random (as best we can tell), and there are systems that you can buy that use the timing of radiologic measurements as a source of entropy. That said, in most environments poor user password management is a much bigger threat than PRNG limitations. - David Hunter -----Original message from Saqib Ali----- [snip]
No offense, but DUH! Isn't it impossible for a computer to generate a truly random number without user interaction (such as random mouse movements to generate entropy, as gnupg asks the user to do when generating pub/priv keypairs)? Nevertheless, as your pseudo-randomness tends toward zero you will hit a point that is statistically acceptable. Like when scientists agree that 1x10^-200 chance of occurence can reasonably be considered impossible.
Current thread:
- suggesting passwds to users James Barkley (Apr 18)
- Re: suggesting passwds to users Mark Owen (Apr 20)
- Re: suggesting passwds to users robert (Apr 21)
- Re: suggesting passwds to users Saqib Ali (Apr 20)
- Re: suggesting passwds to users James Barkley (Apr 20)
- Re: suggesting passwds to users Saqib Ali (Apr 20)
- Re: suggesting passwds to users SecurityFocus (Apr 21)
- Re: suggesting passwds to users James Barkley (Apr 20)
- Re: suggesting passwds to users Mark Owen (Apr 20)
- Re: suggesting passwds to users Kelly John Rose (Apr 20)
- Re: suggesting passwds to users Robert Hajime Lanning (Apr 20)
- Re: suggesting passwds to users Michael Silk (Apr 20)
- Re: suggesting passwds to users Martin Sarsale (Apr 20)
- <Possible follow-ups>
- RE: suggesting passwds to users Matt Fisher (Apr 20)
- Re: suggesting passwds to users hggdh (Apr 21)
- RE: suggesting passwds to users Scovetta, Michael V (Apr 21)
- RE: suggesting passwds to users maburns (Apr 21)
- RE: suggesting passwds to users Sohl, Greg (Apr 21)
- SV: suggesting passwds to users Fredrik Hesse (Apr 21)