[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Some important orphaned packages

On Sat, May 17, 2003 at 11:39:00PM +0200, Marc Haber wrote:
> On Mon, 12 May 2003 13:30:00 -0500, Donald J Bindner
> <dbindner@vh224401.truman.edu> wrote:
> >Maybe I should roll my sleeves up and send them some patches.
> 
> apg's upstream is pretty responsive.

I checked out the source, and I don't think it is a good
candidate for for entropy calculation.  The pronounceable
generation algorithm uses an elaborate kind of backtracking
method to guarantee that words are English-like.

To know how much "information" a password contains, you
effectively need to know what the probability is of each random
choice you make.  [Each choice adds -log_2(p) bits of
information.]  It is pretty hard to calculate these values when
the algorithm is constantly making and unmaking choices.

On the other hand, I have some more (intuitive) respect for how
it works now that I have looked through the algorithm some.


I have also checked the pwgen program.  It uses a more direct
algorithm, and I already have something of a patch worked
together for it.

Don

-- 
Don Bindner <dbindner@truman.edu>
Reply to: