tag:blogger.com,1999:blog-7548007103448472986.post1333161797296607583..comments2023-05-08T08:13:38.614-06:00Comments on Crypto Fails: Very Bad Password AdviceUnknownnoreply@blogger.comBlogger7125tag:blogger.com,1999:blog-7548007103448472986.post-72014873828276538652013-10-01T12:47:15.989-06:002013-10-01T12:47:15.989-06:00Passwords generated this way have less entropy per...Passwords generated this way have less entropy per character. <br /><br />A truly random base64 character has 6 bits of entropy (since there are 2^6 possible characters). So a truly random 20-character base64 string would contain 120 bits of entropy. <br /><br />A truly random hex string has 4 bits of entropy per character. To encode 3 bytes (24 bits) in base64, it takes 24/6=4 base64 characters. In a random hex string, there are 3*4=12 bits of entropy in 3 bytes, so there are 12 bits of entropy for every 4 base64 characters, or 12/4 = 3 bits per character. A 20-character base64 string generated this way would contain only 60 bits of entropy.Anonymoushttps://www.blogger.com/profile/18261062824811320194noreply@blogger.comtag:blogger.com,1999:blog-7548007103448472986.post-51076826341327944832013-10-01T12:34:52.498-06:002013-10-01T12:34:52.498-06:00Could someone explain why base64-encoding hex is f...Could someone explain why base64-encoding hex is failing?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7548007103448472986.post-78669666513412312142013-08-12T10:16:00.213-06:002013-08-12T10:16:00.213-06:00(Anon #3 here).
FreeBSD has sha256 as its own comm...(Anon #3 here).<br />FreeBSD has sha256 as its own command and permits installing GNU Coreutils from packages.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7548007103448472986.post-4136830831774325312013-08-11T17:33:43.796-06:002013-08-11T17:33:43.796-06:00what batshit insane distro are you on that it'...what batshit insane distro are you on that it's `sha256`?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7548007103448472986.post-18058199970362370132013-08-11T15:33:51.548-06:002013-08-11T15:33:51.548-06:00My system has a sha256sum command (from GNU Coreut...My system has a sha256sum command (from GNU Coreutils), and no sha256 command.Anonymoushttps://www.blogger.com/profile/17117308210149929871noreply@blogger.comtag:blogger.com,1999:blog-7548007103448472986.post-39378276059475377102013-08-11T01:37:53.104-06:002013-08-11T01:37:53.104-06:00atually, bug B above was my fault. I needed
%LAN...atually, bug B above was my fault. I needed <br />%LANG=C tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7548007103448472986.post-70847214048854124652013-08-11T01:36:04.829-06:002013-08-11T01:36:04.829-06:00Other bugs.
a) the command is "sha256" ...Other bugs. <br />a) the command is "sha256" not "sha256sum"<br />bash: sha256sum: command not found<br />$echo a| sha256<br />87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7<br /><br />b) the second command gives "Illegal byte sequence"<br />%tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1<br />tr: Illegal byte sequence<br />Anonymousnoreply@blogger.com