search for: eternallyconfuzzl

...ormly distributed bytes. In this particular case it probably doesn't matter, but you never know when someone copy+pastes your code into their project thinking this is a proper way to generate random passwords, so IMHO its best to avoid the modulo bias. > See here for more details: http://eternallyconfuzzled.com/arts/jsw_art_rand.aspx > And see arc4random_uniform's implementation: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/arc4random.c?rev=1.26;content-type=text%2Fplain > > 3. The generated password needs ~2^107 brute-force attempts (16 * log2(60) + log2(default_rounds...