Generated password has repetition

Matan Nassau matan.nassau at gmail.com
Thu May 4 18:28:14 CEST 2017


When you reject a random password, you introduce a bias. When you select
based on your idea of what's random, it's akin to selecting based on
anything else. It defeats the security purpose of an RNG. So one ought to
be careful with this.
On Thu, May 4, 2017 at 10:41 Jonathan Proulx <jon at csail.mit.edu> wrote:

> On Thu, May 04, 2017 at 03:16:31PM +0200, Jason A. Donenfeld wrote:
> :There is a non-zero probability that a RNG will output the complete works
> :of Shakespeare.
>
> and a non zero chance that it will generate "password1234" that
> doesn't mean accepting that is a good idea though, one also has to
> consider likely attack strategies.
>
> the example given is likely fine, but if you randomly get a password
> that you think is bad, regeneration is always an option.
>
> -Jon
>
> :
> :--
> :Sent from my telephone.
> :
> :On May 4, 2017 13:56, "Matthieu Weber" <mweber at free.fr> wrote:
> :
> :On Thu 04.05.2017 at 09:35:24PM +1000, Jens Tröger wrote:
> :> I know that passwords are generated by pwgen, which is considered a
> :> strong generator (right?) but today it produced a password with
> :> consecutive repetitions: #9d:$_r{""yww4{k?}.i'^P}z
> :
> :Randomness sometimes generates repetition. If you want to filter out the
> :passwords with repetitions, you are effectively reducing the number of
> :possible passwords, therefore making it (slightly) easier to crack.
> :
> :> Not sure if this is an issue per se? Can I ignore this in the future?
> :
> :I would say it's not an issue, especially with this long a password as
> :the one above.
> :
> :Matthieu
> :--
> : (~._.~)        Matthieu Weber - matthieu at weber.fi.eu.org        (~._.~)
> :  ( ? )                 https://weber.fi.eu.org/                  ( ? )
> : ()- -()           public key id : 0x85CB340EFCD5E0B3            ()- -()
> : (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
> :
> :_______________________________________________
> :Password-Store mailing list
> :Password-Store at lists.zx2c4.com
> :https://lists.zx2c4.com/mailman/listinfo/password-store
>
> :_______________________________________________
> :Password-Store mailing list
> :Password-Store at lists.zx2c4.com
> :https://lists.zx2c4.com/mailman/listinfo/password-store
>
>
> --
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20170504/6ae897a0/attachment-0001.html>


More information about the Password-Store mailing list