[PATCH] stop using pwgen

Jason A. Donenfeld Jason at zx2c4.com
Sun Dec 18 15:54:55 CET 2016


On Sun, Dec 18, 2016 at 12:40 AM, Antoine Beaupré <anarcat at debian.org> wrote:
>> I like the idea of using /dev/urandom directly, but piping it into
>> base64 is a terrible idea.
>
> why is it a terrible idea? can you be more specific?

Because sites have password length requirements, not password entropy
requirements. Base64 has a minimal character set. The goal should be
to jam as much entropy as possible in the space provided. Base64
entirely fails at this. It's also completely unnecessary, considering
much better techniques for reducing character sets. I prefer the
tried-and-true, "pick and discard" technique, in which you pick bytes
out of /dev/urandom until you get one that matches your desired
character set.

Jason
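The "pick and discard" technique described above, as an added shell example that is not part of the original thread or the pass project's code; the function names `pick_and_discard`, `base64_method` and `entropy_bits` are assumptions, and it assumes a system with /dev/urandom, tr(1), head(1) and awk(1).

```bash
# Added example (not the pass patch or the project's own code): the "pick and
# discard" technique in shell. Bytes are read from /dev/urandom and every byte
# outside the wanted character set is thrown away, so each kept character is
# uniform over the whole set, whatever its size.

# The criticised approach: pipe random bytes through base64 and cut to length.
# Every character is then one of only 64 symbols, whatever the site allows.
base64_method() {
    head -c "$1" /dev/urandom | base64 | tr -d '\n' | head -c "$1"
}

# pick_and_discard LENGTH [CHARSET]: CHARSET is a tr(1) set expression
# (default: every printable non-space ASCII character, 94 symbols).
pick_and_discard() {
    local length="$1" charset="${2:-[:graph:]}"
    # LC_ALL=C: operate on single bytes. -d -c: delete every byte NOT in the
    # set (the "discard"). head -c: stop once LENGTH surviving bytes exist.
    LC_ALL=C tr -dc "$charset" < /dev/urandom | head -c "$length"
}

# entropy_bits LENGTH SET_SIZE: bits of entropy in a LENGTH-character password
# drawn uniformly from SET_SIZE symbols, i.e. LENGTH * log2(SET_SIZE).
entropy_bits() {
    awk -v l="$1" -v n="$2" 'BEGIN { printf "%.1f", l * log(n) / log(2) }'
}

# Same length budget, different character sets: a site's length limit is spent
# better when each position can hold any of 94 symbols instead of 64.
echo "base64, 16 chars:       $(base64_method 16)  ($(entropy_bits 16 64) bits)"
echo "pick/discard, 16 chars: $(pick_and_discard 16)  ($(entropy_bits 16 94) bits)"
echo "pick/discard, digits:   $(pick_and_discard 16 '0-9')  ($(entropy_bits 16 10) bits)"
```

Restricting the set (for example to digits for a PIN) is just a different CHARSET argument; the discard loop keeps the output uniform either way.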


More information about the Password-Store mailing list