Date:      Sun, 06 Oct 2002 14:28:06 -0700 (PDT)
From:      Mikko Työläjärvi <mbsd@pacbell.net>
To:        Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
Cc:        Peter Leftwich <Hostmaster@Video2Video.Com>, FreeBSD Questions LIST <FreeBSD-Questions@FreeBSD.Org>
Subject:   Re: /dev/urandom is randomly cool
Message-ID:  <20021006141742.L308-100000@atlas.home>
In-Reply-To: <20021006161444.H90352-100000@cactus.fi.uba.ar>

On Sun, 6 Oct 2002, Fernando Gleiser wrote:

> On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:
>
> >
> >  tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null
> >
> > Which will give you $len random bytes from the set a-zA-Z0-9 (it reads
> > a lot more from /dev/urandom than it produces though).
>
> yes, and that is bad :(

I know.  That is why I mentioned it.  You snipped the part where I
said that the above is "one way" of accomplishing the task, as opposed
to "the only way" or "the best way", much like "slowsort" is one way
to sort data :)

If the characters "/" and "+" are added to the set of acceptable
output characters, then the solution is "dd the right amount of data
and feed to your favourite base64 encoder".  As the problem was
formulated, you'd need a base62 encoder.

> It is not good to mess with /dev/[u]random more than what's really needed,
> because you can exhaust the entropy pool, and that's a Bad Thing.

/dev/urandom does not get exhausted, it just gets diluted.  Still
sub-optimal, but not a total disaster.

> In your home box, for learning purposes, that's OK, but in a production box
> which needs a good working prng (for crypto session keys, auth cookies and the
> like) it is not acceptable to "eat" all the entropy pool unless you have
> a very good reason to do so.

Agreed.

  $.02,
  /Mikko
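
Added example, not part of the original message: one way to get $len characters from a-zA-Z0-9 with a bounded read from /dev/urandom, by base64-encoding just enough bytes and rejecting "+" and "/" (rejection keeps the 62 remaining characters uniform). The function name randalnum is hypothetical, and a base64(1) utility and "head -c" are assumed to be available.

```shell
#!/bin/sh
# randalnum LEN: print LEN characters drawn uniformly from a-zA-Z0-9.
# Assumption: base64(1) and "head -c" exist on this system; any base64
# encoder that reads stdin can be substituted.
randalnum() {
    len=$1
    case $len in
        ''|*[!0-9]*|0*)
            echo "usage: randalnum LEN (positive integer)" >&2
            return 2 ;;
    esac
    out=
    while [ "${#out}" -lt "$len" ]; do
        need=$(( len - ${#out} ))
        # 3 input bytes become 4 base64 characters of 6 bits each.
        # Read whole 3-byte groups only: a partial group produces '='
        # padding, and the character before the padding is biased because
        # part of it encodes zero fill bits rather than random bits.
        # One spare group covers the expected 2-in-64 rejections.
        nbytes=$(( ((need + 3) / 4 + 1) * 3 ))
        chunk=$(head -c "$nbytes" /dev/urandom | base64 | tr -cd 'a-zA-Z0-9')
        out=$out$chunk
    done
    # Keep exactly LEN characters; anything beyond that is discarded.
    printf "%.${len}s\n" "$out"
}

# Stand-alone use: sh randalnum.sh 24
randalnum "${1:-16}"
```

For a 16-character result this reads 15 bytes per round, and a second round is only needed when rejections leave the first one short.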

