> 3) You're still making the false assumption that your brain is
> a good random number generator. It's not. No matter which way you
> cut it, your brain is biased. "Oh, an "A" would look pretty here."
> Since you are within your own brain, you are NOT an unbiased observer
> of its workings and (by a little information theory) are incapable
> of judging (or even understanding) fully its own workings. The best
> you could do is use some outside influence (dice, cards, /dev/random,
> etc) to provide random input to your thought processes and you would
> still impose your own biases on the process with no way to detect those
> biases. Whether or not your brain would be a good random number
> generator (and I believe that the weight of opinion is that it would not
> be), you are incapable of judging whether it would be simply because
> you would not see your own biases. You can't judge its randomness
> based on some procedure you propose to employ. You can only judge
> it through impartial, unbiased, testing of the output it generates.
> You can't do that for yourself.

i agree but i can still tell that i choose my random characters with the least possible bias ;) but i also understand that using the brain for generating random passwords isn't a solution which should be generally suggested in crypto readmes as it really depends on the person who is doing it how random the output is

> But that would REALLY be getting off topic here and this thread
> has probably gone on for much longer than is productive.

yes, and i suggest we make two conclusions from it:

(1) there should be a password howto included in loop-AES [and future international kernel patches]
(2) maybe there should be a prog written which creates passwords for the user using /dev/random and it could be also included in loop-AES [and future international kernel patches]

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
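
Suggestion (2) above, sketched as an added example; it is not part of the original message or of loop-AES. The 62-symbol alphabet and all function names are assumptions made here. It uses rejection sampling because mapping a byte to a symbol with a plain modulo would reintroduce a bias in the generator itself.

```python
import math
import string
from collections import Counter

# Assumed 62-symbol alphabet (example choice, not from the thread).
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits


def symbol_counts(n, reject):
    """How many of the 256 byte values map to each of n symbols."""
    limit = 256 - (256 % n) if reject else 256
    return Counter(b % n for b in range(limit))


def generate_password(length, source, alphabet=ALPHABET):
    """Draw `length` symbols from a binary stream using rejection sampling."""
    n = len(alphabet)
    if not 1 < n <= 256:
        raise ValueError("alphabet must have 2..256 symbols")
    limit = 256 - (256 % n)  # largest multiple of n that fits in a byte
    out = []
    while len(out) < length:
        chunk = source.read(1)
        if not chunk:
            raise EOFError("random source ended early")
        if chunk[0] < limit:  # discard bytes that would skew b % n
            out.append(alphabet[chunk[0] % n])
    return "".join(out)


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a password whose symbols are uniform and independent."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    naive = symbol_counts(len(ALPHABET), reject=False)
    print("naive b % 62: min/max hits per symbol",
          min(naive.values()), max(naive.values()))
    # Unbuffered read so no more bytes are pulled from the pool than needed.
    with open("/dev/random", "rb", buffering=0) as rng:
        print(generate_password(20, rng), "(%.0f bits)" % entropy_bits(20))
```
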