David R. Conrad (drc@adni.net)
Thu, 11 Feb 1999 18:13:37 -0500 (EST)
On Thu, 11 Feb 1999, Ben Laurie wrote:
> Bill Frantz wrote:
> >
> > At 2:31 PM -0700 2/10/99, David R. Conrad wrote:
> > >[My problem with this is that the source of entropy is particularly
> > > bad... --Perry]
> >
> > Perry - I thought that /dev/random was fairly good on the systems that
> > support it. However, collapsing all the entropy down to a 16 or 32 bit int
> > seems a bit bogus.
> >
> > [Plus, srand is NOT /dev/random. --Perry]
>
> Is Perry losing it? For the hard of reading, I have excised all but the
> critical line...
>
> > > FILE *fp = fopen("/dev/random", "r");
Of course, on any system without /dev/random it would have quietly used
the current time XORed with the pid as a random seed, and as Bill rightly
pointed out it's utterly bogus to rely on a 32-bit seed, however random
(do even DOS compilers still have sizeof(int) == 2?) (an attacker could
try all 2^32 possible seeds to crack the password, and at 1e6 per second
would only need about 2000 seconds on average -- just over half an hour;
even at 1e3/s it would only take roughly 3 weeks on average, I think).
The second version I posted addressed both of these flaws, but uses c%6 or
c%69 for generating digits or characters, where c is [0..255], which has
some bias.
David R. Conrad <drc@adni.net> PGP keys (0x1993E1AE and 0xA0B83D31):
DSS Fingerprint20 = 9942 E27C 3966 9FB8 5058 73A4 83CE 62EF 1993 E1AE
RSA Fingerprint16 = 1D F2 F3 90 DA CA 35 5D 91 E4 09 45 95 C8 20 F1
Note: Due to frequent spam abuse, I accept no email from *.da.uu.net.
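Added example, not code from this thread or from the poster: a small C program that measures the bias David mentions for c%6 and c%69 when c is a uniform byte, and a rejection-sampling selector that avoids it. Function names and the sample byte values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* How many byte values c in 0..255 satisfy c % m == r?
 * For a uniform byte this is proportional to the probability of residue r. */
int residue_count(int m, int r) {
    int c, n = 0;
    for (c = 0; c < 256; c++)
        if (c % m == r) n++;
    return n;
}

/* Spread between the most and least likely residues of c % m.
 * 0 means c % m is exactly uniform, which only happens when m divides 256. */
int residue_spread(int m) {
    int r, hi = 0, lo = 256;
    for (r = 0; r < m; r++) {
        int n = residue_count(m, r);
        if (n > hi) hi = n;
        if (n < lo) lo = n;
    }
    return hi - lo;
}

/* Unbiased alternative to c % m: discard any byte at or above the largest
 * multiple of m that fits in 256, then reduce the first accepted byte.
 * Returns an index in 0..m-1, or -1 if buf runs out; *used counts bytes read. */
int unbiased_index(int m, const uint8_t *buf, size_t n, size_t *used) {
    int limit = 256 - (256 % m);   /* 252 for m == 6, 207 for m == 69 */
    size_t i;
    for (i = 0; i < n; i++) {
        if (buf[i] < limit) {
            *used = i + 1;
            return buf[i] % m;
        }
    }
    *used = n;
    return -1;
}
int main(void) {
    /* Constructed sample bytes, standing in for reads from /dev/random. */
    const uint8_t sample[] = { 250, 210, 207, 206, 0 };
    size_t used;
    int idx = unbiased_index(69, sample, sizeof sample, &used);
    printf("c%%6 spread %d, c%%69 spread %d (residue 0: %d, residue 68: %d)\n",
           residue_spread(6), residue_spread(69),
           residue_count(69, 0), residue_count(69, 68));
    printf("rejection sampling: index %d after consuming %zu bytes\n", idx, used);
    return 0;
}
```

For m == 69 residues 0..48 occur four times and 49..68 three times, so the most likely characters are drawn a third more often than the least likely; the rejection loop discards on average about 19% of bytes to make every residue equally likely.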