Date: Mon, 8 Jan 2007 21:18:23 +0000
From: RW
To: freebsd-questions@freebsd.org
Message-ID: <20070108211823.4c4b51c9@gumby.homeunix.com>
References: <20070108175314.27ce391f@gumby.homeunix.com> <20070108183645.GF41724@dan.emsphone.com>
Subject: Re: pwgen's seeding looks insecure

On Mon, 8 Jan 2007 10:56:50 -0800
Garrett Cooper wrote:

> On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote:
>
> > In the last episode (Jan 08), RW said:
> >> Someone recently recommended sysutils/pwgen for generating user
> >> passwords. Out of curiosity I had a look at how it works, and I
> >> don't like the look of its PRNG initialization:
> >>
> >>
> >> #ifdef RAND48
> >>   srand48((time(0)<<9) ^ (getpgrp()<<15) ^ (getpid()) ^ (time(0) >>11));
> >> #else
> >>   srand(time(0) ^ (getpgrp() << 8) + getpid());
> >> #endif
> >>
> >> If pwgen is called from an account creation script, time(0) can be
> >> inferred from timestamps, e.g. on a home-directory, so that just leaves
> >> getpid() and getpgrp(). PIDs are allocated sequentially and globally,
> >> so getpid() is highly predictable. I don't know much about
> >> getpgrp(), but from the manpage it doesn't appear to be any better.
> >
> > Even better: make RANDOM() call random() instead of rand()

I wasn't suggesting the use of getpgrp(), it's one of the existing three
sources of entropy. The other two sources can be inferred by any user
(assuming that pwgen is run close to the point at which the account is
created).

What I was wondering is how much secure entropy there is in getpgrp()
alone. I just wrote a little test program, and getpgrp() seems to return
the same number as getpid. If I haven't screwed up and that is generally
correct, then any user can log PIDs versus time and find the password of
a newly created account from the datestamp of its home directory, within
a few attempts.
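
The following is an added example, not part of the original message and not pwgen's code apart from the seed expression quoted above. It bounds the entropy of that seed when the time and PID are guessable, then shows a replacement that draws password characters from the kernel CSPRNG. The function names, the 60-second window, the 100000-value PID range and the use of /dev/urandom are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* The non-RAND48 seed from the quoted code, as a pure function of its inputs.
 * '+' binds tighter than '^', so it is t ^ ((pgrp << 8) + pid). */
unsigned legacy_seed(time_t t, pid_t pgrp, pid_t pid)
{
    return (unsigned)(t ^ ((pgrp << 8) + pid));
}

/* Upper bound, in bits, on the seed's entropy when the time is known to
 * within window_s seconds and pgrp == pid, with pid_space possible PIDs. */
unsigned legacy_seed_bits(unsigned window_s, unsigned pid_space)
{
    unsigned long long n = (unsigned long long)window_s * pid_space;
    unsigned b = 0;
    while (b < 32 && (1ULL << b) < n)   /* the seed is 32 bits wide at most */
        b++;
    return b;
}

/* Replacement: take each character from the kernel CSPRNG, rejecting bytes
 * that would bias the modulo. Returns 0 on success, -1 on error. */
int secure_password(char *out, size_t len)
{
    const unsigned n = strlen(ALPHABET), limit = 256 - 256 % n; /* 62, 248 */
    FILE *f = fopen("/dev/urandom", "rb");
    size_t i = 0;
    int c;
    if (f == NULL)
        return -1;
    while (i < len && (c = fgetc(f)) != EOF)
        if ((unsigned)c < limit)
            out[i++] = ALPHABET[(unsigned)c % n];
    fclose(f);
    out[i] = '\0';
    return i == len ? 0 : -1;
}

int main(void)
{
    char pw[9];
    printf("legacy seed: at most %u bits\n", legacy_seed_bits(60, 100000));
    return secure_password(pw, 8) == 0 && puts(pw) >= 0 ? 0 : 1;
}
```

With the assumed figures the seed carries at most 23 bits, whatever the length of the password derived from it, while eight characters drawn uniformly from 62 symbols carry about 47.6 bits.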