WebApp Sec mailing list archives

Re: suggesting passwds to users


From: "SecurityFocus" <securityfocus () david hunter-family org>
Date: Wed, 20 Apr 2005 14:01:25 -0400 (EDT)

Computers may not be capable of generating truly random data without external
inputs to use as a source of entropy, but it need not be user interaction. 
Radioactive decay, for instance, is random (as best we can tell), and there
are systems that you can buy that use the timing of radiologic measurements as
a source of entropy.

That said, in most environments poor user password management is a much bigger
threat than PRNG limitations.

- David Hunter

-----Original message from Saqib Ali-----
[snip]

No offense, but DUH!  Isn't it impossible for a computer to generate a
truly random number without user interaction (such as random mouse
movements to generate entropy, as gnupg asks the user to do when
generating pub/priv keypairs)?  Nevertheless, as your
pseudo-randomness tends toward zero you will hit a point that is
statistically acceptable.  Like when scientists agree that 1x10^-200
chance of occurrence can reasonably be considered impossible.




