I've constructed a program that uses SHA1, with a password and a nonce, to get a challenge-response authentication system. My question is, will there be any difference in the strength of the authentication, between the two following scenarios: 1) The password and nonce are 8 bit, 16 character strings of random bytes from /dev/random 2) The password and nonce are 8 bit, 32 character strings of random hex digits derived from the same string in #1 above Anyone have an informed opinion on this? Thanks! - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
