From owner-freebsd-questions@FreeBSD.ORG Mon Jan 8 19:14:12 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5187816A403 for ; Mon, 8 Jan 2007 19:14:12 +0000 (UTC) (envelope-from dan@dan.emsphone.com) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.freebsd.org (Postfix) with ESMTP id 1B0E913C442 for ; Mon, 8 Jan 2007 19:14:11 +0000 (UTC) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.13.6/8.13.8) id l08JEB9b048544; Mon, 8 Jan 2007 13:14:11 -0600 (CST) (envelope-from dan) Date: Mon, 8 Jan 2007 13:14:11 -0600 From: Dan Nelson To: Garrett Cooper Message-ID: <20070108191411.GG41724@dan.emsphone.com> References: <20070108175314.27ce391f@gumby.homeunix.com> <20070108183645.GF41724@dan.emsphone.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-OS: FreeBSD 6.2-PRERELEASE User-Agent: Mutt/1.5.13 (2006-08-11) Cc: freebsd-questions@freebsd.org Subject: Re: pwgen's seeding looks insecure X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jan 2007 19:14:12 -0000 In the last episode (Jan 08), Garrett Cooper said: > On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: > > > >Even better: make RANDOM() call random() instead of rand(), and > >initialize the rng with srandomdev(). > > > >Another random password generator is in security/apg, and that one > >already uses /dev/random as a seed. > > Not all architectures support random number generation though IIRC > and random number generation can be removed from the kernel, so I > think that the dev was playing it safe by using another, less random > seed source than /dev/random or /dev/urandom. Luckily, if srandomdev() can't open /dev/random, it falls back to seeding with gettimeofday() (so more variability than just time()), getpid(), and some random data off the stack, so it's always safe to use. I just noticed that there's also a sranddev, so fixing pwgen is really as simple as replacing the srand() call with sranddev(). -- Dan Nelson dnelson@allantgroup.com