pwgen's seeding looks insecure
Dan Nelson
dnelson at allantgroup.com
Mon Jan 8 19:14:12 UTC 2007
In the last episode (Jan 08), Garrett Cooper said:
> On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote:
> >
> >Even better: make RANDOM() call random() instead of rand(), and
> >initialize the rng with srandomdev().
> >
> >Another random password generator is in security/apg, and that one
> >already uses /dev/random as a seed.
>
> Not all architectures support random number generation though IIRC
> and random number generation can be removed from the kernel, so I
> think that the dev was playing it safe by using another, less random
> seed source than /dev/random or /dev/urandom.
Luckily, if srandomdev() can't open /dev/random, it falls back to
seeding with gettimeofday() (so more variability than just time()),
getpid(), and some random data off the stack, so it's always safe to
use. I just noticed that there's also a sranddev, so fixing pwgen is
really as simple as replacing the srand() call with sranddev().
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list