[onerng talk] review of RNGs
Bill Cox
waywardgeek at gmail.com
Mon Jul 6 18:08:30 BST 2015
Also, while this is minor, your password methods on the site are too
stringent, requiring an upper case, lower case, digit, and a symbol. This
means I will forget it each time I log in, and I will have to go through the
password recovery process each time. I suspect I am in the majority.
Strong password rules like this don't work. Password entropy will remain
typically below 26 bits of strength. Unless you're doing something at
least as strong as Scrypt for a good fraction of a second, you're not going
to be able to protect those password hashes in the case of a database leak
anyway. Additional protections are required. Once in place, the need for
ultra-difficult to remember passwords is reduced.
Bill
On Mon, Jul 6, 2015 at 10:04 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> The price and speed are nice to know, but what I really want to know about
> a TRNG is whether it has open-source software, and whether it has
> open-source hardware. Could these columns be added?
>
> Also, if info is stale, is it possible to edit it?
>
> Thanks,
> Bill
>
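
An added illustration of the point in the message above (not part of the original post, and not code from the OneRNG site): a Python sketch that stores passwords with scrypt and estimates how long an offline search of a 26-bit password space takes at a given per-guess cost. The scrypt parameters, the 0.25 s per-guess figure and the worker count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time

# Assumed scrypt cost parameters (not from the post); raise n until one
# hash takes a good fraction of a second on the login server.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random 16-byte salt is used if none is given."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)

def verify_password(password, salt, expected):
    """Recompute the digest for this salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def seconds_per_hash(samples=3):
    """Measure the average wall-clock cost of one scrypt hash on this machine."""
    start = time.perf_counter()
    for _ in range(samples):
        hash_password("constructed-sample", b"\x00" * 16)
    return (time.perf_counter() - start) / samples

def expected_search_seconds(entropy_bits, secs_per_guess, workers=1):
    """Average time to hit one password: half of the 2**bits space,
    divided across independent workers (a simplifying assumption)."""
    return (2 ** entropy_bits / 2) * secs_per_guess / workers

if __name__ == "__main__":
    day = 86400.0
    measured = seconds_per_hash()
    print(f"measured scrypt cost here: {measured * 1000:.0f} ms per hash")
    # 26 bits is the figure from the post; 0.25 s and 1000 workers are assumed.
    for label, cost, workers in [
        ("scrypt, 0.25 s/guess, 1 worker", 0.25, 1),
        ("scrypt, 0.25 s/guess, 1000 workers", 0.25, 1000),
        ("this machine's measured cost, 1 worker", measured, 1),
    ]:
        days = expected_search_seconds(26, cost, workers) / day
        print(f"{label}: about {days:.2f} days for a 26-bit password")
```

At a quarter second per guess a single worker needs roughly 97 days on average, but the same search spread over 1000 workers finishes in a few hours, which is why the hash cost alone does not protect a leaked database of low-entropy passwords.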