On 10/11/14 23:16, Ben Finney wrote:
> To avoid duplicating these “the N most common words, ranked by
> frequency, for language FOO”
For a password generator you ideally want the word-list to be sorted
alphabetically, so that it's trivial to verify "by eye" that there are
no duplicates. Duplicate entries would reduce the entropy of the
generated passwords, without anything being obviously wrong.
(Idea stolen from Diceware, for which it is essential, because the word
list is designed to be usable without a computer; for online password
generators it's less important, because you can compare wc -l with
sort -u | wc -l to confirm that there are no duplicates.)
It's probably also a good idea to have a power-of-2 wordlist size, to
make it trivial to pick one without bias using bytes from
/dev/[u]random. (Diceware uses a power-of-6 wordlist size for analogous
reasons, because it's based on rolling dice.)
S
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5461e839.5030...@debian.org
