"peter k." wrote: > >I hope it is. People are _really_ bad at picking random things - try > >an experiment - ask a group of people to pick a random number. You'll be > >surprised... > > it is not, for example, i just generated that *using my brain*: > "s4k1f62rni7q" > tell me why it isnt random!!! Your string has 12 characters, perhaps from a set of about 32 (lowercase + digits) or 64 (both cases + digits) choices, so there could be 5 or 6 bits of randomness per character, 60 to 72 bits overall. Experiments have actually been run on this. Ask a bunch of people to generate random strings, then do statistical analysis of the strings. The analysis shows them falling far short of full randomness. Suppose you use such strings as passwords and I don my Black Hat and try to crack them. If you're using a high-quality random source, I have more work to do, on average, than if you used humans and I use statistical info on human biases to guide my search. I'm not sure how large this effect is, but it is there. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
