
Comment But that's not what I pay for (Score 4, Informative) 187

I started subscribing to Netflix in 1999. I became a customer because I wanted to be able to watch movies from a variety of studios, not just one. If I just wanted one studio, I'd subscribe to HBO. Notice how Netflix streaming doesn't have that good of content from other studios? Probably because studios realize that if they make agreements with Netflix, they will be working with and helping one of their competitors. Like Akbar said, it's a trap.

Comment Re:CLI or die (Score 1) 637

Yes it does matter because passwords aren't just used on websites. Let's say someone gets a hold of your encrypted password store file on your laptop. With this type of password generation scheme they only have to try a billion different combinations, which on a recent home computer could be done in a day.

Solution for now: Use a 4+ random word passphrase.

Comment Re:CLI or die (Score 2) 637

The first one is very bad, the second one is, well, kind of overkill.

Please switch %s on the first one (seconds from the epoch which is not very random) with %N, which is the nanosecond only part of the current time and is for all intents and purposes completely random if you run the command by hand.

Using %N is not much better as it's only a billion possible values. The problem is that people try to be clever. I've seen countless "clever" ways of trying to generate seemingly random data, but the problem with most of them is that their set of possible values is not high enough. Set size is an important characteristic for the random input for password generation.

Comment Re:CLI or die (Score 1) 637

date +%s | sha256sum | base64 | head -c 32 ; echo

Don't do this shit, it's dumb. By using 'date' as your "random" input you just reduced your potential keyspace from 62^32 or 2272657884496751345355241563627544170162852933518655225856 down to perhaps 94608000 for the past 3 years of potential inputs. Even less if someone knows approximately the last time you changed your password or can get you to force a password change. In terms of strength that's even worse than a 6 character password made up of only lowercase letters. You'd be better off just mashing your keyboard 32 times. Sure, they might not get you with an online attack, but password strength these days is mostly to thwart offline brute force attacks.

Suffice it to say, there are command line random password generators out there that are doing this far better than you are, use one of them.
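
The keyspace comparison made in the comments above, worked through as an added example (not part of any comment on this page): it converts each input set to bits of guessing work and generates a 32-character password from the kernel CSPRNG instead of `date`. The function names `bits` and `gen_password` are hypothetical, and the 7776-word list size for the 4-word passphrase is an assumption.

```shell
#!/bin/sh
# Added example; bits and gen_password are hypothetical helper names.

# bits BASE EXP -> log2(BASE^EXP) to one decimal place: the guessing work
# an offline attacker faces if every input in the set is equally likely.
bits() {
    LC_ALL=C awk -v b="$1" -v e="$2" 'BEGIN { printf "%.1f\n", e * log(b) / log(2) }'
}

# gen_password [LEN] -> LEN characters of A-Za-z0-9 taken from /dev/urandom.
# tr -dc throws away bytes outside the set (rejection sampling), so each of
# the 62 characters stays equally likely and there is no modulo bias.
gen_password() {
    len=${1:-32}
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
    echo
}

# Input sets compared in the comments above
echo "date +%s over 3 years (94608000 inputs): $(bits 94608000 1) bits"
echo "date +%N (a billion values):             $(bits 1000000000 1) bits"
echo "6 lowercase letters (26^6):              $(bits 26 6) bits"
echo "4 words, 7776-word list (assumed size):  $(bits 7776 4) bits"
echo "32 chars of A-Za-z0-9 (62^32):           $(bits 62 32) bits"

# Hashing and base64-encoding the date output changes how the password
# looks, not how many distinct passwords the scheme can ever produce.
echo "CSPRNG password: $(gen_password 32)"
```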
