[onerng talk] review of RNGs

ianG iang at iang.org
Tue Jul 7 00:22:47 BST 2015


Hi Bill,

as Jim mentioned, it ain't our site.  It's Philipp's!  I'm just posting 
it in the hope that Paul might put Philipp on his Christmas list for a 
couple of OneRNGs one day [0].

Passwords - yeah.  That debate rolls on.

iang

[0] I'm not sure whether there is a plural for TheOneTrueRNG, but a 
beggar can plead literary licence as much as a rich man :)

On 6/07/2015 18:08 pm, Bill Cox wrote:
> Also, while this is minor, your password methods on the site are too
> stringent, requiring an upper case, lower case, digit, and a symbol.  This
> means I will forget it each time I log in, and I will have to go through the
> password recovery process each time.  I suspect I am in the majority.
>
> Strong password rules like this don't work.  Password entropy will remain
> typically below 26 bits of strength.  Unless you're doing something at
> least as strong as Scrypt for a good fraction of a second, you're not going
> to be able to protect those password hashes in the case of a database leak
> anyway.  Additional protections are required.  Once in place, the need for
> ultra-difficult to remember passwords is reduced.
>
> Bill
>
>
> On Mon, Jul 6, 2015 at 10:04 AM, Bill Cox <waywardgeek at gmail.com> wrote:
>
>> The price and speed are nice to know, but what I really want to know about
>> a TRNG is whether it has open-source software, and whether it has
>> open-source hardware.  Could these columns be added?
>>
>> Also, if info is stale, is it possible to edit it?
>>
>> Thanks,
>> Bill
>>