pwgen's seeding looks insecure
Garrett Cooper
youshi10 at u.washington.edu
Mon Jan 8 20:41:40 UTC 2007
Garrett Cooper wrote:
> Dan Nelson wrote:
>> In the last episode (Jan 08), Garrett Cooper said:
>>
>>> On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote:
>>>
>>>> Even better: make RANDOM() call random() instead of rand(), and
>>>> initialize the rng with srandomdev().
>>>>
>>>> Another random password generator is in security/apg, and that one
>>>> already uses /dev/random as a seed.
>>>>
>>> Not all architectures support random number generation though IIRC
>>> and random number generation can be removed from the kernel, so I
>>> think that the dev was playing it safe by using another, less random
>>> seed source than /dev/random or /dev/urandom.
>>>
>>
>> Luckily, if srandomdev() can't open /dev/random, it falls back to
>> seeding with gettimeofday() (so more variability than just time()),
>> getpid(), and some random data off the stack, so it's always safe to
>> use. I just noticed that there's also a sranddev, so fixing pwgen is
>> really as simple as replacing the srand() call with sranddev()
> Interesting--I didn't know that. That sounds a lot better than
> what's in place by a long shot and it would be nice to have that in
> the program considering that random number generators are quite
> ubiquitous in Unix nowadays.
> I'll CC the project devs later on today with this thread then.
> -Garrett
Hmm.. it seems that the project hasn't been updated in eons (2001):
<http://sourceforge.net/projects/pwgen>. I'll still try to get a hold of
the dev, but I'm not sure if they are still administering the project.
-Garrett
More information about the freebsd-questions
mailing list