As I understand it I would have to double the length of a hashed password for it to be as secure as an un-hashed one, as each pair of characters represent one byte. Aye?
-Modulok- On 8/4/09, RW <[email protected]> wrote: > On Mon, 3 Aug 2009 22:20:50 -0800 > Mel Flynn <[email protected]> wrote: > >> On Monday 03 August 2009 18:28:52 Modulok wrote: >> >> > I wrote a python script which uses /dev/random, and hashes the >> > output with sha256. I then truncate the output to the desired >> > length. Blasphemy! According to the superstitious password crowd my >> > passwords are not very secure ... maybe. >> >> They aren't, because you reduce the random to a much less random, >> *because* you are hashing. > > Not in FreeBSD, it's a 256bit PRNG and a 256 bit hash. > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[email protected]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
