Generated password has repetition

Jens Tröger jens.troeger at
Thu May 4 21:52:37 CEST 2017

Thank you all for your answers!  They make sense, although some dabble
into theoretical corner cases with miniscule likelihoods (but non-zero
likelihood nonetheless)...

On Thu, May 04, 2017 at 03:16:31PM +0200, Jason A. Donenfeld wrote:
>    There is a non-zero probability that a RNG will output the complete
>    works of Shakespeare.

Haha true, and reminded me of the olde monkeys-and-typewriter idea:

On Thu, May 04, 2017 at 04:28:14PM +0000, Matan Nassau wrote:
>    When you reject a random password, you introduce a bias. When you
>    select based on your idea of what's random, it's akin to selecting
>    based on anything else. It defeats the security purpose of an RNG. So
>    one ought to be careful with this.

Here I would agree with Tharre: the bias is somewhat equal to an
attacker guessing a random dictionary password.  Intuitively, at least;
so personally I'd rather generate a new password than use a random
Shakespearean plain-word password just because it's "truly" random.


Jens Tröger

More information about the Password-Store mailing list