Date: Mon, 8 Jan 2007 10:56:50 -0800
From: Garrett Cooper <youshi10@u.washington.edu>
To: freebsd-questions@freebsd.org
Subject: Re: pwgen's seeding looks insecure
Message-ID: <EAE5160D-6B80-4C6A-BB8F-70518EE0711F@u.washington.edu>
In-Reply-To: <20070108183645.GF41724@dan.emsphone.com>
References: <20070108175314.27ce391f@gumby.homeunix.com> <20070108183645.GF41724@dan.emsphone.com>

On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote:

> In the last episode (Jan 08), RW said:
>> Someone recently recommended sysutils/pwgen for generating user
>> passwords. Out of curiosity I had a look at how it works, and I
>> don't like the look of its PRNG initialization:
>>
>>
>> #ifdef RAND48
>> srand48((time(0)<<9) ^ (getpgrp()<<15) ^ (getpid()) ^ (time(0)>>11));
>> #else
>> srand(time(0) ^ (getpgrp() << 8) + getpid());
>> #endif
>>
>> If pwgen is called from an account creation script, time(0) can be
>> inferred from timestamps, e.g. on a home-directory, so that just leaves
>> getpid() and getpgrp(). PIDs are allocated sequentially and globally,
>> so getpid() is highly predictable. I don't know much about getpgrp(),
>> but from the manpage it doesn't appear to be any better.
>
> Even better: make RANDOM() call random() instead of rand(), and
> initialize the rng with srandomdev().
>
> Another random password generator is in security/apg, and that one
> already uses /dev/random as a seed.
>
> --
> Dan Nelson
> dnelson@allantgroup.com

Not all architectures support random number generation though IIRC
and random number generation can be removed from the kernel, so I
think that the dev was playing it safe by using another, less random
seed source than /dev/random or /dev/urandom.

-Garrett
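
An added example (not code from pwgen or from anyone in this thread): it evaluates the quoted srand() seed expression over a window of times and PIDs to count how many distinct seeds that window can produce, next to a seed source that reads /dev/urandom and reports failure instead of falling back. The timestamp, the window sizes and the names weak_seed, distinct_seeds and kernel_seed are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Seed expression from the quoted non-RAND48 branch, inputs passed in. '+' binds
 * tighter than '^' in C; the inner parentheses only make that grouping visible. */
static unsigned weak_seed(long t, long pgrp, long pid)
{
    return (unsigned)(t ^ ((pgrp << 8) + pid));
}
static int cmp_u(const void *a, const void *b)
{
    unsigned x = *(const unsigned *)a, y = *(const unsigned *)b;
    return (x > y) - (x < y);
}
/* Distinct seeds when time is known to within `secs` seconds and pid and pgrp
 * each lie in [base, base+span) (constructed window). Returns 0 if malloc fails. */
static size_t distinct_seeds(long t0, long secs, long base, long span)
{
    size_t n = 0, uniq = 0, total = (size_t)(secs * span * span);
    unsigned *v = malloc(total * sizeof *v);
    if (v == NULL) return 0;
    for (long t = t0; t < t0 + secs; t++)
        for (long g = base; g < base + span; g++)
            for (long p = base; p < base + span; p++)
                v[n++] = weak_seed(t, g, p);
    qsort(v, n, sizeof *v, cmp_u);
    for (size_t i = 0; i < n; i++)
        uniq += (i == 0 || v[i] != v[i - 1]);
    free(v);
    return uniq;
}
/* Fill buf from the kernel RNG; -1 means it is unavailable, so the caller can
 * stop instead of falling back to time and PIDs. */
static int kernel_seed(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, len);
    close(fd);
    return r == (ssize_t)len ? 0 : -1;
}
int main(void)
{
    unsigned char s[16]; /* the time and PID window below are constructed */
    printf("distinct weak seeds: %zu\n", distinct_seeds(1168282610L, 60, 1000, 64));
    return kernel_seed(s, sizeof s) == 0 ? 0 : 1;
}
```

Because the inputs are combined with XOR, different (time, pid) pairs collide, so the distinct count comes out below the product of the window sizes.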