3 Comments

According to a recent article on macosxhints.com, the random password generator widgets may not be so random after all. Apparently, the JavaScript call Math.random() is quite repetitive in its creation of passwords. I was delighted when I found a widget that destroyed my only excuse for using the same password over and over again, but after reading this article, I have gone in and changed all my passwords to ones created with the OS X password creator assistant in the Users preference pane.

  1. Note: it’s not repetitive because it’s a flawed RNG algorithm, it’s repetitive because it always starts with the same seed each time the Dock is restarted, and there’s no way to change the seed.

    However, that’s no excuse for these widgets. They could easily (well, by using system() which requires declaring it needs shell access, but that’s not a big deal) just grab input from /dev/random, which is a great random number source and does not have the problems of Math.random().

  2. You might also use the password creator in Keychain; there you can see the security of the password as well.

  3. FWIW, my password generation widget, Make-A-Pass, seeds its RNG algorithm using /dev/random … truly random, highly secure:

    http://andrew.hedges.name/widgets/

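The seeding problem raised in the first comment, as an added example that is not part of the original post or its comments: a generator that restarts from the same seed hands out the same "random" passwords after every restart, while one drawing from the system CSPRNG does not. `seededRandom` is a hypothetical stand-in for a Math.random() with a fixed seed (JavaScript offers no way to seed the real one), and `crypto.getRandomValues` is used here in place of reading /dev/random through system().

```javascript
// Web Crypto CSPRNG: global in browsers and recent Node, module fallback for older Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Look-alike characters (I, O, l, 0, 1) left out; 57 symbols.
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

// Hypothetical stand-in for Math.random() with a fixed seed (mulberry32 PRNG).
function seededRandom(seed) {
  let state = seed >>> 0;
  return function () {
    state = (state + 0x6D2B79F5) >>> 0;
    let t = state;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// What a widget built on Math.random() typically does.
function weakPassword(random, length) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += ALPHABET[Math.floor(random() * ALPHABET.length)];
  }
  return out;
}

// One "restart": generator state is reset to the same seed, then passwords are drawn.
function simulateRestart(seed, count, length) {
  const random = seededRandom(seed);
  return Array.from({ length: count }, () => weakPassword(random, length));
}

// CSPRNG-backed generator with rejection sampling to avoid modulo bias.
function strongPassword(length) {
  const limit = 256 - (256 % ALPHABET.length); // bytes >= limit are discarded
  const buf = new Uint8Array(length * 2);
  let out = '';
  while (out.length < length) {
    webCrypto.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
    }
  }
  return out;
}
```

Calling `simulateRestart(1, 3, 12)` twice returns the same three passwords in the same order, which is the repetition the article describes; `strongPassword(12)` differs on every call.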