Date: Tue, 10 Jul 2001 11:56:26 -0400
From: Jason Andresen <jandrese@mitre.org>
To: Mike Tancsa <mike@sentex.net>
Cc: HIRATA Yasuyuki <yasu@asuka.net>, stable@freebsd.org
Subject: Re: Generating encrypted passwords
Message-ID: <3B4B25A9.74D97085@mitre.org>
References: <4.2.2.20010710081901.05a68008@192.168.0.12> <200107100306.NAA21657@lightning.itga.com.au> <Pine.BSF.4.21.0107100336560.1040-100000@veager.siteplus.ne t> <4.2.2.20010710081901.05a68008@192.168.0.12> <5.1.0.14.0.20010710102259.04255440@marble.sentex.ca>

Mike Tancsa wrote:
>
> At 10:01 PM 7/10/01 +0900, HIRATA Yasuyuki wrote:
> > > What about a
> > >         srand (time ^ $$ ^ unpack "%L*", `ps -auxw | gzip`);
> > >
> > > at the start of your program
> >
> >If you use perl 5.005 or later, it's better to call srand without seed
> >or not to call srand at all.  See perldoc -f srand for detail.
>
> Hi,
>          but the same perldoc says,
>
> ....
> Note that you need something much more random than the default seed for
> cryptographic purposes.  Checksumming the compressed output of one or more
> rapidly changing operating system status programs is the usual method.  For
> example:
>
>      srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);

Doesn't the default seed just use /dev/urandom?  I thought /dev/urandom
was good enough for seeding consumer type crypto stuff.  Of course if
you don't have /dev/urandom it just uses its process ID and the system
time, which is certainly not good enough for any kind of crypto.

At least the manpage isn't telling you to grab the first two bytes off
of a gzip output of ps axww, since that always returned the magic number
for gzip.

--
\ |_ _|__ __|_ \ __| Jason Andresen jandrese@mitre.org
|\/ | | | / _| Network and Distributed Systems Engineer
_| _|___| _| _|_\___| Office: 703-883-7755

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
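
The two points in the reply above, as an added example that is not part of the original message or thread: the first two bytes of gzip output are the constant magic number while a checksum over the whole stream varies, and random bytes can be read from /dev/urandom directly. The sample process listings, the helper name urandom_salt and the use of the bytes as a crypt() salt are assumptions made for illustration.

```perl
use strict;
use warnings;
use IO::Compress::Gzip qw(gzip $GzipError);   # core module since Perl 5.10

# Constructed sample inputs standing in for two different `ps axww` outputs.
my @samples = (
    "root 1 0.0 /sbin/init\nwww 412 0.3 httpd\n",
    "root 1 0.0 /sbin/init\nwww 977 1.1 httpd -DSSL\n",
);

for my $text (@samples) {
    my $gz;
    gzip(\$text => \$gz) or die "gzip failed: $GzipError";
    # The first two bytes are the gzip magic number (1f 8b) for any input.
    my $first2 = unpack "H4", $gz;
    # "%L*" checksums the whole stream (16-bit by default), as in the perldoc line.
    my $sum = unpack "%L*", $gz;
    printf "first two bytes: %s   checksum: %u\n", $first2, $sum;
}

# Hypothetical helper: salt characters drawn from the kernel generator
# instead of rand(), so the srand seed no longer matters.
sub urandom_salt {
    my ($len) = @_;
    my @alphabet = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');   # 64 symbols
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    my $got = read $fh, my $buf, $len;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    # 64 divides 256, so taking each byte mod 64 introduces no bias.
    return join '', map { $alphabet[$_ % 64] } unpack 'C*', $buf;
}

# Assumption: a traditional DES crypt() salt, which is two characters.
print "salt: ", urandom_salt(2), "\n";
```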