Re: Re: Re: Alpha/Numeric random generating

Replies are listed 'Best First'.
Re: Re: Re: Re: Alpha/Numeric random generating by no_slogan (Deacon) on Nov 09, 2002 at 02:02 UTC
Along these lines, adding some non-alphanumeric characters to the list will also make the passwords much more secure. Actually, it won't. The seed space for most rand() implementations is only 32 bits. An 8-character lower-case password has a maximum of log(26)/log(2)*8 == 37.6 bits of entropy. That means it's already much easier to brute-force the pseudorandom number generator than to brute force the password directly. Adding upper case, numeric, and non-alphanumeric characters doesn't change this. In order to get enough randomness, you need to use something like Crypt::Random. `use Crypt::Random "makerandom_itv"; @chars = map chr, ord("!")..ord("~"); $pass .= $chars[ makerandom_itv(Lower=>0, Upper=>scalar(@chars))] for 1..8; print $pass, "\n";` [download] String::Random is nice, but it uses weak random number generation.	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: Re: Re: Alpha/Numeric random generating
by no_slogan (Deacon) on Nov 09, 2002 at 02:02 UTC

Along these lines, adding some non-alphanumeric characters to the list will also make the passwords much more secure.

Actually, it won't. The seed space for most rand() implementations is only 32 bits. An 8-character lower-case password has a maximum of log(26)/log(2)*8 == 37.6 bits of entropy. That means it's already much easier to brute-force the pseudorandom number generator than to brute force the password directly. Adding upper case, numeric, and non-alphanumeric characters doesn't change this.

In order to get enough randomness, you need to use something like Crypt::Random.

use Crypt::Random "makerandom_itv";
@chars = map chr, ord("!")..ord("~");
$pass .= $chars[
    makerandom_itv(Lower=>0, Upper=>scalar(@chars))]
    for 1..8;
print $pass, "\n";
[download]

String::Random is nice, but it uses weak random number generation.

[reply]
[d/l]