From: Garrett Cooper
Date: Mon, 8 Jan 2007 10:42:12 -0800
To: freebsd-questions@freebsd.org
Subject: Re: pwgen's seeding looks insecure

On Jan 8, 2007, at 9:53 AM, RW wrote:

> Someone recently recommended sysutils/pwgen for generating user
> passwords. Out of curiosity I had a look at how it works, and I don't
> like the look of its PRNG initialization:
>
> #ifdef RAND48
>   srand48((time(0)<<9) ^ (getpgrp()<<15) ^ (getpid()) ^ (time(0)>>11));
> #else
>   srand(time(0) ^ (getpgrp() << 8) + getpid());
> #endif
>
> If pwgen is called from an account creation script, time(0) can be
> inferred from timestamps, e.g. on a home-directory, so that just leaves
> getpid() and getpgrp(). PIDs are allocated sequentially and globally,
> so getpid() is highly predictable. I don't know much about getpgrp(),
> but from the manpage it doesn't appear to be any better.
>
> Unless getpgrp() is a better source of entropy than I give it credit
> for, I think this port should perhaps be marked as vulnerable.

It's not spectacular looking at that output, but it seems like a
typical hash. As long as getpgrp() and getpid() don't always fall in
the same range (thus producing the same sets of numbers) and getpid()
doesn't return a multiple of getpgrp() << 8, I don't see any particular
problems with the above setup. pwgen would do better on a system with a
lot more processes though, or one that's been up longer though, since
PIDs increase over time.

-Garrett
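
Added example, not part of the original thread and not pwgen code: a small C program that evaluates the quoted srand() seed expression over a range of inputs and counts the distinct seeds that result, which gives an upper bound on the seed's entropy. The names seed_of(), count_seeds() and bits_for() are introduced here, and the time window and ID range in main() are constructed values.

```c
#include <stdio.h>
#include <stdlib.h>

/* The non-RAND48 seed expression from the quoted code, with its three inputs
 * passed in. In C, + binds tighter than ^, so the expression parses this way. */
static unsigned seed_of(long t, long pgrp, long pid) {
    return (unsigned)(t ^ ((pgrp << 8) + pid));
}

static int cmp_u(const void *a, const void *b) {
    unsigned x = *(const unsigned *)a, y = *(const unsigned *)b;
    return (x > y) - (x < y);
}

/* Number of distinct seeds when time(0) lies in [t_lo, t_hi] and getpid() and
 * getpgrp() both lie in [id_lo, id_hi]. Returns 0 if allocation fails. */
size_t count_seeds(long t_lo, long t_hi, long id_lo, long id_hi) {
    size_t ids = (size_t)(id_hi - id_lo + 1);
    size_t cap = (size_t)(t_hi - t_lo + 1) * ids * ids, n = 0, uniq = 0;
    unsigned *s = malloc(cap * sizeof *s);
    if (s == NULL) return 0;
    for (long t = t_lo; t <= t_hi; t++)
        for (long g = id_lo; g <= id_hi; g++)
            for (long p = id_lo; p <= id_hi; p++)
                s[n++] = seed_of(t, g, p);
    /* Sort, then count each value once: different inputs can collide. */
    qsort(s, n, sizeof *s, cmp_u);
    for (size_t i = 0; i < n; i++)
        uniq += (i == 0 || s[i] != s[i - 1]);
    free(s);
    return uniq;
}

/* Smallest k with n <= 2^k: an upper bound on the seed entropy in bits. */
unsigned bits_for(unsigned long long n) {
    unsigned k = 0;
    while (k < 63 && (1ULL << k) < n)
        k++;
    return k;
}

int main(void) {
    /* Constructed scenario: time known to within 5 s, IDs within a span of 500. */
    size_t n = count_seeds(1168281730L, 1168281734L, 1000, 1499);
    printf("%zu distinct seeds, at most %u bits\n", n, bits_for(n));
    return 0;
}
```

Widening the time window adds fewer seeds than the raw input count suggests, because nearby timestamps XORed with nearby ID terms collide; the sort-and-deduplicate step accounts for that.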