Date:      Mon, 8 Jan 2007 12:36:45 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        RW <fbsd06@mlists.homeunix.com>
Cc:        questions@freebsd.org, oddbjorn@tricknology.org
Subject:   Re: pwgen's seeding looks insecure
Message-ID:  <20070108183645.GF41724@dan.emsphone.com>
In-Reply-To: <20070108175314.27ce391f@gumby.homeunix.com>
References:  <20070108175314.27ce391f@gumby.homeunix.com>

In the last episode (Jan 08), RW said:
> Someone recently recommended sysutils/pwgen for generating user
> passwords.  Out of curiosity I had a look at how it works, and I
> don't like the look of its PRNG initialization:
> 
> 
> #ifdef RAND48
>   srand48((time(0)<<9) ^ (getpgrp()<<15) ^ (getpid()) ^ (time(0)>>11));
> #else
>   srand(time(0) ^ (getpgrp() << 8) + getpid());
> #endif
> 
> If pwgen is called from an account creation script, time(0) can be
> inferred from timestamps, e.g. on a home-directory, so that just leaves
> getpid() and  getpgrp(). PIDs are allocated sequentially and globally,
> so getpid() is highly predictable. I don't know much about getpgrp(),
> but from the manpage it doesn't appear to be any better.

Even better: make RANDOM() call random() instead of rand(), and
initialize the rng with srandomdev().

Another random password generator is in security/apg, and that one
already uses /dev/random as a seed.

-- 
	Dan Nelson
	dnelson@allantgroup.com
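
The approach suggested in this reply (take randomness from the kernel instead of time and PID values), as an added example that is not part of the original message and is not pwgen or apg code. It reads /dev/urandom directly rather than calling srandomdev(); the alphabet and function names are illustrative assumptions.

```c
/* Added example (names and alphabet are illustrative, not pwgen's code). */
#include <stdio.h>
#include <string.h>

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Fill buf with n bytes from the kernel CSPRNG; 0 on success, -1 on error. */
static int kernel_random(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Write len characters plus NUL into out. Bytes >= limit are rejected so each
 * alphabet character is equally likely (no modulo bias). 0 on success. */
int gen_password(char *out, size_t outsz, size_t len)
{
    const size_t nchars = sizeof(ALPHABET) - 1;   /* 62 */
    const size_t limit = 256 - (256 % nchars);    /* 248 */
    unsigned char pool[64];
    size_t i = 0;

    if (out == NULL || len == 0 || len >= outsz)
        return -1;
    while (i < len) {
        if (kernel_random(pool, sizeof pool) != 0)
            return -1;
        for (size_t j = 0; j < sizeof pool && i < len; j++)
            if (pool[j] < limit)
                out[i++] = ALPHABET[pool[j] % nchars];
    }
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char pw[17];
    if (gen_password(pw, sizeof pw, 16) != 0)
        return 1;
    puts(pw);
    return 0;
}
```

No seed is derived from the clock or process IDs here, so timestamps and PID ordering reveal nothing about the output.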


