
Ultra High Security Password Generator   - mikegirouard
https://www.grc.com/passwords.htm
======
lutusp
This is unbelievable. A quote:

> Every one is completely random (maximum entropy) without any pattern, and
> the cryptographically-strong pseudo random number generator we use
> _guarantees that no similar strings will ever be produced again_.

It's a bit early in your page's text to be lying, especially to a technically
astute readership.

First, there is no such thing as a "cryptographically-strong pseudo random
number generator". It's a pseudorandom number generator, and the probability
that it will produce the exact same password on the next invocation is the
inverse of the word's bit length. That means "no similar strings will ever be
produced again" is an outright lie.

Second, the more results it produces, the more likely that there will be
repetitions of prior results. For the reason, read about the birthday problem:

<http://en.wikipedia.org/wiki/Birthday_problem>

> Every one is completely random (maximum entropy) without any pattern ...

False, which is the meaning behind "pseudorandom". In fact, the exact same
sequence of passwords will be produced by the same algorithm using the same
initial seed, over and over again. All a hacker needs to do is find out which
of the common pseudorandom number generators is in use, provide the same
initial seed, and he has all the provided passwords, arranged in order.

Finally, the two claims --

1\. ... no similar strings will ever be produced again ...

2\. ... cryptographically-strong pseudo random number generator ...

\-- represent an obvious contradiction. If the generator produces a high-
quality pseudorandom sequence, then _ipso facto_ it must be able to produce
the exact same results again. This is a requirement of the provided
definition.

Moral -- don't let uneducated salespeople write your technical descriptions.

