Peter: Placing the FAQ for the creation of pass phrases into the documentation for either the I-patch or the Loop AES stuff would be a good idea, I agree. I would prefer it to be converted to SGML format first though, so it could be regenerated in PostScript format and printed on my Apple LaserWriter printer! And yes, the printer is ages olde, and it still works, and I hate Apples for the most part believe it or not! I am willing to write a C program to generate passwords, however, there are experts far beyond my limited skill level whom can create a set of rules for the software to follow. If someone gives me that exact set of rules, I am offering to develop the software you request. Very Respectfully, Stuart Blake Tener, IT3, USNR-R, N3GWG VTU 1904G (Volunteer Training Unit) stuart@xxxxxxxxxxx west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Sunday, July 08, 2001 6:29 PM -----Original Message----- From: owner-linux-crypto@xxxxxxxxxxxx [mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of peter k. Sent: Sunday, July 08, 2001 12:59 PM To: Michael H. Warfield Cc: linux-crypto@xxxxxxxxxxxx Subject: Re: Announce loop-AES-v1.3b file crypto package > 3) You're still making the false assumption that your brain is > a good random number generator. It's not. No matter which way you > cut it, your brain is biased. "Oh, an "A" would look pretty here." > Since you are within your own brain, you are NOT an unbiased observer > of it's workings and (by a little information theory) are incapable > of judging (or even understanding) fully it's own workings. The best > you could do is use some outside influence (dice, cards, /dev/random, > etc) to provide random input to your though processes and you would > still impose your own biases on the process with no way to detect those > biases. Whether or not your brain would be a good random number > generator (and I believe that the weight of opinion is that it would not > be), you are incapable of judging whether it would be simply because > you would not see your own biases. You can't judge it's randomness > based on some proceedure you propose to imploy. You can only judge > it through impartial, unbiased, testing of the output it generates. > You can't do that for yourself. > i agree but i can still tell that i choose my random characters with the least possible bias ;) but i also understand that using the brain for generating random passwords isnt a solution which should be generally suggested in crypto readmes as it really depends on the person who is doing it how random the output is > But that would REALLY be getting off topic here and this thread > has probably gone on for much longer than is productive. yes, and i suggest we make two conclusions from it: (1) there should be a password howto included in loop-AES [and future international kernel patches] (2) maybe there should be a prog written which creates passwords for the user using /dev/random and it could be also included in loop-AES [and future international kernel patches] Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
