pwgen's seeding looks insecure
RW
fbsd06 at mlists.homeunix.com
Mon Jan 8 18:25:38 UTC 2007
Someone recently recommended sysutils/pwgen for generating user
passwords. Out of curiosity I had a look at how it works, and I don't
like the look of its PRNG initialization:
#ifdef RAND48
srand48((time(0)<<9) ^ (getpgrp()<<15) ^ (getpid()) ^ (time(0)>>11));
#else
srand(time(0) ^ (getpgrp() << 8) + getpid());
#endif
If pwgen is called from an account creation script, time(0) can be
inferred from timestamps, e.g. on a home-directory, so that just leaves
getpid() and getpgrp(). PIDs are allocated sequentially and globally,
so getpid() is highly predictable. I don't know much about getpgrp(),
but from the manpage it doesn't appear to be any better.
Unless getpgrp() is a better source of entropy than I give it credit
for, I think this port should perhaps be marked as vulnerable.
More information about the freebsd-questions
mailing list