pwgen's seeding looks insecure

Garrett Cooper youshi10 at u.washington.edu
Mon Jan 8 20:41:40 UTC 2007


Garrett Cooper wrote:
> Dan Nelson wrote:
>> In the last episode (Jan 08), Garrett Cooper said:
>>  
>>> On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote:
>>>    
>>>> Even better: make RANDOM() call random() instead of rand(), and
>>>> initialize the rng with srandomdev().
>>>>
>>>> Another random password generator is in security/apg, and that one
>>>> already uses /dev/random as a seed.
>>>>       
>>> Not all architectures support random number generation though IIRC
>>> and random number generation can be removed from the kernel, so I
>>> think that the dev was playing it safe by using another, less random
>>> seed source than /dev/random or /dev/urandom.
>>>     
>>
>> Luckily, if srandomdev() can't open /dev/random, it falls back to
>> seeding with gettimeofday() (so more variability than just time()),
>> getpid(), and some random data off the stack, so it's always safe to
>> use.  I just noticed that there's also a sranddev, so fixing pwgen is
>> really as simple as replacing the srand() call with sranddev().
>    Interesting--I didn't know that. That sounds a lot better than 
> what's in place by a long shot and it would be nice to have that in 
> the program considering that random number generators are quite 
> ubiquitous in Unix nowadays.
>    I'll CC the project devs later on today with this thread then.
> -Garrett
Hmm.. it seems that the project hasn't been updated in eons (2001): 
<http://sourceforge.net/projects/pwgen>. I'll still try to get a hold of 
the dev, but I'm not sure if they are still administering the project.
-Garrett
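
The seeding difference discussed in this thread, as an added example that is not part of the original message and is neither pwgen's code nor FreeBSD's libc: a seed taken from time() alone reproduces the same password for every run in the same second, while the second function sketches the device-first seeding with a time-of-day and pid fallback that Dan Nelson describes. The names gen_password and device_seed, the 8-letter format and the sample time value are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

#define PW_LEN 8

/* Hypothetical generator: PW_LEN lowercase letters from rand() after
 * srand(seed). The output is fully determined by the seed. */
static void gen_password(unsigned int seed, char out[PW_LEN + 1])
{
    srand(seed);
    for (int i = 0; i < PW_LEN; i++)
        out[i] = (char)('a' + rand() % 26);
    out[PW_LEN] = '\0';
}

/* Seed from the random device; if it cannot be opened or read, fall back
 * to time-of-day mixed with the pid. Returns 1 if the device was used. */
static int device_seed(const char *path, unsigned int *seed)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        ssize_t n = read(fd, seed, sizeof *seed);
        close(fd);
        if (n == (ssize_t)sizeof *seed)
            return 1;
    }
    struct timeval tv;
    gettimeofday(&tv, NULL);
    *seed = (unsigned int)(tv.tv_sec ^ tv.tv_usec) ^ (unsigned int)getpid();
    return 0;
}

int main(void)
{
    char a[PW_LEN + 1], b[PW_LEN + 1];
    unsigned int now = 1168288900u; /* constructed time() value */
    gen_password(now, a);           /* two runs in the same second ... */
    gen_password(now, b);           /* ... get the same password */
    printf("time seed:   %s %s (same=%d)\n", a, b, strcmp(a, b) == 0);
    unsigned int s;
    int from_dev = device_seed("/dev/urandom", &s);
    gen_password(s, a);
    printf("device seed: %s (device used=%d)\n", a, from_dev);
    return 0;
}
```

Only the seed source changes here; rand() itself remains a non-cryptographic generator.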


More information about the freebsd-questions mailing list