-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(OK, I'll try this again, since the first attempt didn't seem to be
successful. Probably because I sent it using a different e-mail address
from the one I used to subscribe to the list.)

>>>>> "peter" == peter k <spam-goes-to-dev-null@xxxxxxx> writes:

peter> it is not, for example, i just generated that *using my brain*:
peter> "s4k1f62rni7q" tell me why it isn't random!!!

It may be random, but it is not _uniformly_ random. It's the same reason
you wouldn't want to use a biased coin to generate a random bit pattern.
It would still be random, but it would be biased.

The brain is biased. The sequence "abcdefghijkl" might be output by a
random string generator (and in fact that particular string would have
the same probability of occurring as "s4k1f62rni7q"), but no one would
write out that string if they were trying to be random. You'd try to
avoid strings which seem to have too many patterns.

Now a bias against "abcdefghijkl" could arguably be a good thing, but
there are a lot of other biases that I'm not aware of that a
psychologist could probably come up with. Just a guess, but I bet the
starting character of a password would be biased towards certain
characters. "a" would probably be the least common starting letter.

Another example: ask a few friends to pick a number between 1 and 4.
They are most likely to pick 3. Ask a few friends to pick a vegetable.
They are most likely to say carrot. The brain seems to be heavily biased
towards these.

If you are asked to type random keys on your keyboard, most of the
letter pairs in that string would probably come from opposite ends of
the keyboard (e.g. one character would come from the left end, and the
next would come from the right end).

- -- 
Hubert Chan <hackerhue@xxxxxxxx> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net. Please encrypt *all* e-mail to me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7SUJfZRhU33H9o38RAulKAJ9DMWUmTTLdy1gYYuCi0Q7qDjUkRQCbBvGi
n2b+qYBbomiYys/Gza2MVh4=
=PoXC
-----END PGP SIGNATURE-----

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
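
Added example, not part of the original message: a Python sketch that measures the left/right keyboard alternation statistic mentioned above for the quoted string and for strings from the OS CSPRNG, and computes what a biased coin costs in entropy. The QWERTY hand split, the 36-symbol alphabet and the 0.6/0.4 coin are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed 36-symbol alphabet
LEFT = set("12345qwertasdfgzxcvb")                 # assumed QWERTY left-hand keys

def alternation_rate(s):
    """Fraction of adjacent character pairs typed with opposite hands."""
    pairs = list(zip(s, s[1:]))
    return sum((a in LEFT) != (b in LEFT) for a, b in pairs) / len(pairs)

def uniform_alternation():
    """Expected alternation rate when each character is drawn uniformly."""
    p_left = sum(c in LEFT for c in ALPHABET) / len(ALPHABET)
    return 2 * p_left * (1 - p_left)

def sample_alternation(n_strings, length):
    """Alternation rate measured over strings drawn from the OS CSPRNG."""
    rates = [alternation_rate("".join(secrets.choice(ALPHABET) for _ in range(length)))
             for _ in range(n_strings)]
    return sum(rates) / len(rates)

def entropy_bits(probs):
    """Return (Shannon entropy, min-entropy) in bits per symbol."""
    shannon = -sum(p * math.log2(p) for p in probs if p > 0)
    return shannon, -math.log2(max(probs))

if __name__ == "__main__":
    quoted = "s4k1f62rni7q"  # the string from the message
    print(f"quoted string alternation : {alternation_rate(quoted):.3f}")
    print(f"uniform expectation       : {uniform_alternation():.3f}")
    print(f"CSPRNG, 2000 strings      : {sample_alternation(2000, len(quoted)):.3f}")
    # One 12-character string gives only 11 pairs, so it cannot show bias by
    # itself; the bias shows up in the statistics of many strings from one source.
    fair = entropy_bits([0.5, 0.5])
    biased = entropy_bits([0.6, 0.4])  # constructed biased coin
    print(f"fair coin   : {fair[0]:.3f} Shannon, {fair[1]:.3f} min-entropy bits/flip")
    print(f"biased coin : {biased[0]:.3f} Shannon, {biased[1]:.3f} min-entropy bits/flip")
```

Min-entropy is the figure that matters for guessing resistance, since an attacker tries the most likely outcome first.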