If there's any format regularity in the output, like it's in one of the PKCS message formats, that could be detected. Or if it's a fixed length that could give it away.
Webcam hack. Social engineering. Binoculars. All the things.
Just sweeping them up en masse and trying popular keys.
> If there's any format regularity in the output, like it's in one of the PKCS message formats, that could be detected.
After entering some junk data, and incrementing the counter field, /every/ generated password has started with one of [aeiouy], so there clearly is some regularity in the output, and I guess more if analysed in detail.
Same here, it seems like every password starts with one of these [aeiouy] characters. So it seems these passwords are not as safe as they seem. Brute force may not be necessary to break these passwords. Is there any alternative services out there that require no storage?
Webcam hack. Social engineering. Binoculars. All the things.
Just sweeping them up en masse and trying popular keys.