[RndTbl] Hey security guys!

Sean Cody sean at tinfoilhat.ca
Mon Mar 24 15:29:23 CDT 2014


On 2014-03-24 15:03, Sean Cody wrote:

> Service accounts are created with ridiculously high entropy passwords
> I never record (eg. 'openssl rand 1024 | openssl dgst -sha1 | cut -f2
> -d\ ').
> 

Since Adam will undoubtedly catch this... this should read 'reasonably 
high entropy' given digests are a-z0-9 so the language space is 
reasonable entropy and (depending on who you talk to) mitigated by large 
string length.

You can just use 'openssl rand -base64 1024' and combine the line feeds 
and get an additional 8 bits of entropy or strings < /dev/urandom blah 
blah blah.  It all comes down to... make it random, complicated, and 
ridiculously annoying to type.  This way you make the mechanism easier 
to use than just doing it manually. :)

-- 
Sean
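An added example, not from the thread, that models the two generators Sean mentions and shows why the digest variant only rates as 'reasonably high' entropy: piping any amount of random data through sha1 yields a 40-character hex string, so the password carries at most 160 bits no matter how many bytes went in, whereas base64 with the line feeds joined keeps all 8 bits per input byte. The function names and the charset-based estimate are this example's own.

```python
import base64
import hashlib
import math
import secrets
import string


def digest_password(nbytes: int = 1024) -> str:
    """Model of `openssl rand N | openssl dgst -sha1`: random bytes, hashed,
    printed as hex. The output is always 40 hex characters (SHA-1 is 160 bits)."""
    raw = secrets.token_bytes(nbytes)
    return hashlib.sha1(raw).hexdigest()


def base64_password(nbytes: int = 1024) -> str:
    """Model of `openssl rand -base64 N` with the line feeds joined.
    encodebytes() wraps at 76 columns like the openssl output does, so strip them."""
    raw = secrets.token_bytes(nbytes)
    return base64.encodebytes(raw).decode("ascii").replace("\n", "")


def source_entropy_bits(method: str, nbytes: int) -> int:
    """Entropy actually carried by the generated string, given nbytes of
    CSPRNG input. The digest caps it at the hash width; base64 is lossless."""
    if method == "digest":
        return min(8 * nbytes, 160)  # SHA-1 output is 160 bits, whatever the input size
    if method == "base64":
        return 8 * nbytes
    raise ValueError(f"unknown method: {method}")


def charset_entropy_bits(password: str, alphabet: str) -> float:
    """Naive strength estimate from length and alphabet size alone: how an
    auditor who only sees the password (not how it was made) would rate it."""
    if any(c not in alphabet for c in password):
        raise ValueError("password contains characters outside the alphabet")
    return len(password) * math.log2(len(alphabet))


if __name__ == "__main__":
    hex_alphabet = string.digits + "abcdef"  # a sha1 hex digest is 0-9a-f, not a-z0-9
    d = digest_password(1024)
    b = base64_password(1024)
    print(f"digest : {len(d)} chars, {charset_entropy_bits(d, hex_alphabet):.0f} bits "
          f"(source cap {source_entropy_bits('digest', 1024)} bits)")
    print(f"base64 : {len(b)} chars, source {source_entropy_bits('base64', 1024)} bits")
```

Running it shows the digest password rated at 160 bits from either view, while feeding the same 1024 random bytes to base64 preserves 8192 bits; either is far beyond what a service account needs, so the practical difference is only that the digest form has a fixed ceiling.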
