From owner-freebsd-questions Sun Oct 6 14:28: 9 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E5F337B401 for ; Sun, 6 Oct 2002 14:28:08 -0700 (PDT) Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id D80FE43E3B for ; Sun, 6 Oct 2002 14:28:07 -0700 (PDT) (envelope-from mbsd@pacbell.net) Received: from atlas ([64.160.45.64]) by mta5.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0H3K00EQBWYV28@mta5.snfc21.pbi.net> for FreeBSD-Questions@FreeBSD.Org; Sun, 06 Oct 2002 14:28:07 -0700 (PDT) Date: Sun, 06 Oct 2002 14:28:06 -0700 (PDT) From: =?ISO-8859-1?Q?Mikko_Ty=F6l=E4j=E4rvi?= Subject: Re: /dev/urandom is randomly cool In-reply-to: <20021006161444.H90352-100000@cactus.fi.uba.ar> X-X-Sender: mikko@atlas.home To: Fernando Gleiser Cc: Peter Leftwich , FreeBSD Questions LIST Message-id: <20021006141742.L308-100000@atlas.home> MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=ISO-8859-1 Content-transfer-encoding: 8BIT Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, 6 Oct 2002, Fernando Gleiser wrote: > On Sun, 6 Oct 2002, Mikko Työläjärvi wrote: > > > > > tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null > > > > Which will give you $len random bytes from the set a-zA-Z0-9 (it reads > > a lot more from /dev/urandom than it produces though). > > yes, and that is bad :( I know. That is why I mentioned it. You snipped the part where I said that the above is "one way" of accomplishing the task, as opposed to "the only way" or "the best way", much like "slowsort" is one way to sort data :) If the characters "/" and "+" are added to the set of acceptable output chracters, then the solution is "dd the right amount of data and feed to your favourite base64 encoder". As the problem was formulated, you'd need a base62 encoder. > It is not good to mess with /dev/[u]random more than what's really needed, > because you can exhaust the entropy pool, and that's a Bad Thing. /dev/urandom does not get exhausted, it just gets diluted. Still sub-optimal, but not a total disaster. > In your home box, for learning purposes, that's OK, but in a production box > which needs a good working prng (for crypto session keys, auth cookies and the > like) it is not acceptable to "eat" all the entropy pool unless you have > a very good reason to do so. Agreed. $.02, /Mikko To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message