Generated password has repetition
Jens Tröger
jens.troeger at light-speed.de
Thu May 4 21:52:37 CEST 2017
Thank you all for your answers! They make sense, although some dabble
into theoretical corner cases with minuscule likelihoods (but non-zero
likelihood nonetheless)...

On Thu, May 04, 2017 at 03:16:31PM +0200, Jason A. Donenfeld wrote:
> There is a non-zero probability that a RNG will output the complete
> works of Shakespeare.

Haha true, and reminded me of the olde monkeys-and-typewriter idea:
https://www.youtube.com/watch?v=no_elVGGgW8

On Thu, May 04, 2017 at 04:28:14PM +0000, Matan Nassau wrote:
> When you reject a random password, you introduce a bias. When you
> select based on your idea of what's random, it's akin to selecting
> based on anything else. It defeats the security purpose of an RNG. So
> one ought to be careful with this.

Here I would agree with Tharre: the bias is somewhat equal to an
attacker guessing a random dictionary password. Intuitively, at least;
so personally I'd rather generate a new password than use a random
Shakespearean plain-word password just because it's "truly" random.

Cheers,
Jens
--
Jens Tröger
http://savage.light-speed.de/