Re: Some important orphaned packages
On Sat, May 17, 2003 at 11:39:00PM +0200, Marc Haber wrote:
> On Mon, 12 May 2003 13:30:00 -0500, Donald J Bindner
> <dbindner@vh224401.truman.edu> wrote:
> >Maybe I should roll my sleeves up and send them some patches.
>
> apg's upstream is pretty responsive.
I checked out the source, and I don't think it is a good
candidate for for entropy calculation. The pronounceable
generation algorithm uses an elaborate kind of backtracking
method to guarantee that words are English-like.
To know how much "information" a password contains, you
effectively need to know what the probability is of each random
choice you make. [Each choice adds -log_2(p) bits of
information.] It is pretty hard to calculate these values when
the algorithm is constantly making and unmaking choices.
On the other hand, I have some more (intuitive) respect for how
it works now that I have looked through the algorithm some.
I have also checked the pwgen program. It uses a more direct
algorithm, and I already have something of a patch worked
together for it.
Don
--
Don Bindner <dbindner@truman.edu>
Reply to: