From owner-freebsd-stable  Tue Jul 10  8:57:40 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from smtpproxy1.mitre.org (mb-20-100.mitre.org [129.83.20.100])
	by hub.freebsd.org (Postfix) with ESMTP id 8101F37B408
	for <stable@freebsd.org>; Tue, 10 Jul 2001 08:57:32 -0700 (PDT)
	(envelope-from jandrese@mitre.org)
Received: from avsrv1.mitre.org (avsrv1.mitre.org [129.83.20.58])
	by smtpproxy1.mitre.org (8.11.3/8.11.3) with ESMTP id f6AFuUD28487;
	Tue, 10 Jul 2001 11:56:31 -0400 (EDT)
Received: from MAILHUB1 (mailhub1.mitre.org [129.83.20.31])
	by smtpsrv1.mitre.org (8.11.3/8.11.3) with ESMTP id f6AFuTX26550;
	Tue, 10 Jul 2001 11:56:29 -0400 (EDT)
Received: from dhcp-105-164.mitre.org (128.29.105.164) by mailhub1.mitre.org with SMTP
        id 7001828; Tue, 10 Jul 2001 11:56:23 -0400
Message-ID: <3B4B25A9.74D97085@mitre.org>
Date: Tue, 10 Jul 2001 11:56:26 -0400
From: Jason Andresen <jandrese@mitre.org>
Organization: The MITRE Corporation
X-Mailer: Mozilla 4.75 [en]C-20000818M  (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Tancsa <mike@sentex.net>
Cc: HIRATA Yasuyuki <yasu@asuka.net>, stable@freebsd.org
Subject: Re: Generating encrypted passwords
References: <4.2.2.20010710081901.05a68008@192.168.0.12>
	 <200107100306.NAA21657@lightning.itga.com.au>
	 <Pine.BSF.4.21.0107100336560.1040-100000@veager.siteplus.ne t>
	 <4.2.2.20010710081901.05a68008@192.168.0.12> <5.1.0.14.0.20010710102259.04255440@marble.sentex.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Mike Tancsa wrote:
> 
> At 10:01 PM 7/10/01 +0900, HIRATA Yasuyuki wrote:
> > > What about a
> > > srand (time ^ $$ ^ unpack "%L*", `ps -auxw | gzip`);
> > >
> > > at the start of your program
> >
> >If you use perl 5.005 or later, it's better to call srand without seed
> >or not to call srand at all.  See perldoc -f srand for detail.
> 
> Hi,
> but the same perldoc says,
> 
> ....
> Note that you need something much more random than the default seed for
> cryptographic purposes.  Checksumming the compressed output of one or more
> rapidly changing operating system status programs is the usual method.  For
> example:
> 
>      srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);

Doesn't the default seed just use /dev/urandom?  I thought /dev/urandom
was good enough for seeding consumer type crypto stuff.  Of course
if you don't have /dev/urandom is just uses it's process ID and the 
system time, which is certainly not good enough for any kind of 
crypto.  

At least the manpage isn't telling you to grab the first two bytes 
off of a gzip output of ps axww, since that always returned the magic
number for gzip. 

-- 
  \  |_ _|__ __|_ \ __| Jason Andresen        jandrese@mitre.org
 |\/ |  |    |    / _|  Network and Distributed Systems Engineer
_|  _|___|  _| _|_\___| Office: 703-883-7755


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message