[colug-432] Random Generator
Rick Hornsby
richardjhornsby at gmail.com
Mon May 26 11:36:12 EDT 2014
On May 26, 2014, at 8:34, jep200404 at columbus.rr.com wrote:
> On Sun, 25 May 2014 21:50:02 -0400, George Larson <george.g.larson at gmail.com> wrote:
>
>> On Sat, May 24, 2014 at 1:17 PM, tom <thomas.w.cranston at gmail.com> wrote:
>>
>>> Is there a better command line to produce a random password?
>
>> curl -s '
>> https://www.random.org/strings/?num=25&len=20&digits=on&loweralpha=on&upperalpha=on&unique=on&format=plain&rnd=new'
>> | head -$(( (RANDOM % 25)+1 )) | tail -2 | perl -pe 's/\n//'"
>
> That might be random, but as https://www.random.org/passwords/ says:
>
> Nevertheless, the best data security practice is not to let
> anyone but yourself generate your most important passwords.
>
> ... you shouldn't use any online service to generate
> passwords for highly sensitive things, such as your online
> bank account.
Indeed. I’m terrible at math, but for the purposes of generating a strong password, I wondered if random.org was better than /dev/random? Supposing for a moment that’s the case, does the increased “randomness" provide a significant benefit or (probably much more difficult to answer) a more difficult password to crack than using /dev/random?
I’ll admit to having used random.org on several occasions out of convenience to generate passwords I didn’t care about for this or that. I usually have it generate 10 strings using all character classes and then just pick one. However, despite that the random.org URL is https, I can’t figure on trusting an outside source for critical passwords more than I can a local source like 1Password’s built-in generator, /dev/random, or openssl.
More information about the colug-432
mailing list