entropy – Page 9 – WindowsTechs.com

What should a secure passphrase look like?

Posted on January 19, 2019 by reed

We all know that passwords should not only be randomly generated, but also look random. The reason is that attackers can use patterns or existing words to be able to bruteforce the passwords faster, so a randomly generated pa… Continue reading What should a secure passphrase look like?→

Does this attack on RSA keys reveals a major flaw, or this is no big deal with good entropy?

Posted on January 17, 2019 by JB.

William Kuszmaul published a study of an attack for RSA public keys on his blog https://algorithmsoup.wordpress.com/2019/01/15/breaking-an-unbreakable-code-part-1-the-hack/

The basic idea is, when people use poor PRNG to gen… Continue reading Does this attack on RSA keys reveals a major flaw, or this is no big deal with good entropy?→

How much less secure is a password with a repetitive pattern of characters?

Posted on December 25, 2018 by Jeff Kendall

I want to make sure my password is very difficult to bruteforce but also easy to remember and convenient.

So my idea is to just use a short password and repeat it a few times like this:

Password654321Password654321Password6… Continue reading How much less secure is a password with a repetitive pattern of characters?→

Effects of new random Session token for each HTTP Request

Posted on November 13, 2018 by user1330734

On successful authentcation, a web application issues a session cookie that is a constant length string of apparently random hex characters.

2E5F0FE4B7FCAB78CD967B46AB32915CCBFDC85316FAFB9174BDC4A3745339D8AD9C1D70A8EDD3D4F06… Continue reading Effects of new random Session token for each HTTP Request→

Python: hashdump script for macOS/OSX

Posted on October 18, 2018 by user189172

I’m looking at this hashdump.py designed to extract macOS/OSX password hashes. But my Python isn’t great. I’m hoping someone can explain (or perhaps add comments to) some of the lines I’ve marked and explain what exactly is h… Continue reading Python: hashdump script for macOS/OSX→

Pseudo-random generators and pitfalls

Posted on September 28, 2018 by Carol

I’ve read the Chapter “Randomness” from the Serious Cryptography book and it raised some questions. Namely:

It is written that Mersenne Twister is proved to be cryptographically irreliable. And that is it used by some langua… Continue reading Pseudo-random generators and pitfalls→

rng-tools entropy sources

Posted on September 20, 2018 by Antick

Using rng-tools 6.3.1, I list the entropy sources:

$ rngd -l
Entropy sources that are available but disabled
4: NIST Network Entropy Beacon
Available and enabled entropy sources:
2: Intel RDRAND Instruction RNG
5: JITTER Ent… Continue reading rng-tools entropy sources→

rng-tools entropy sources

Posted on September 20, 2018 by Antick

Using rng-tools 6.3.1, I list the entropy sources:

For a "normal" computer user, does it make a difference to have a good entropy source?

Posted on August 9, 2018 by puzzle

Let’s take, for example, Linux. From my understanding, there are different sources and different ways that can be used to gather entropy (RNG daemon, Intel rrandr, TPM, etc). Some produce entropy that is of “better quality” t… Continue reading For a "normal" computer user, does it make a difference to have a good entropy source?→

Chrome generated passwords not high entropy?

Posted on August 1, 2018 by Gavin Gray

On Chrome, if you open a sign up page, it will offer to fill and remember the password field. I did this and got the following sequence of passwords offered as generated:

suCipAytAyswed0
LUnhefcerAnAcg2
it2drosharkEweo
Undos… Continue reading Chrome generated passwords not high entropy?→