This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
How much entropy is used in password generation?
I realized I have been naïvely trusting that generated passwords were truly random. But this is not necessarily the case.
[list=1]
[*]How is the "randomness" of generated passwords assured?
[*]Do any of your browser extensions use Javascript's Math.random function, or a stronger mechanism?
[/list]
Thank you.
[list=1]
[*]How is the "randomness" of generated passwords assured?
[*]Do any of your browser extensions use Javascript's Math.random function, or a stronger mechanism?
[/list]
Thank you.
Flag
0
Comments
-
1Password for Mac is using [font=courier new,courier,monospace]/dev/urandom[/font]
1Password for iOS is using [font=courier new,courier,monospace]SecRandomCopyBytes[/font]
The JavaScript code is using Math.random() in some places (UUID generation) and [url=http://bitwiseshiftleft.github.com/sjcl/doc/symbols/sjcl.random.html]sjcl.random[/url].
I am not sure how good Math.random() -- do you have any information on that?Flag 0
