home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.unix.admin:5053 comp.unix.ultrix:6945 comp.unix.wizards:3919
- Path: sparky!uunet!gatech!concert!duke!trt
- From: trt@duke.cs.duke.edu (Tom Truscott)
- Newsgroups: comp.unix.admin,comp.unix.ultrix,comp.unix.wizards
- Subject: Re: random passwd generator
- Message-ID: <716612470@romeo.cs.duke.edu>
- Date: 16 Sep 92 03:01:11 GMT
- References: <1992Sep4.170148.17469@trentu.ca> <SY2PBNX5@cc.swarthmore.edu>
- Followup-To: comp.unix.admin
- Organization: IBM RTP
- Lines: 34
-
- "Random" password generators rarely are.
- Never trust a password generator that using a pseudo-random
- number generator.
-
- > srandom((int)(time((time_t *)0)));
-
- This (seconds-since-Epoch) is the only source of randomness in the program.
- Since srandom accepts a 32 bit number, the program can generate
- at most 4 billion different sequences of passwords.
- At 5k trial crypt()s/second an exhaustive attack using a single
- workstation would require 5 days on average to break a given sequence.
- A clever Bad Guy might first try times in the current month, of course :-)
-
- Only by keeping the source (and binary) a secret can this weakness be hidden
- from the Bad Guy. But you have just given the Bad Guys a copy.
-
- You need much more randomness. Create an array of "random_info":
- time-since-Epoch -- seconds and microseconds.
- current process id
- parent process id
- last access/modify times of directories and files such as
- /
- /tmp
- /etc/passwd
- (Even better, have the user type something and time the delay
- between key presses with a high-accuracy clock or by busy-looping.
- That defends against a Bad Guy logged onto your system at the time
- you run the password generator.)
- Then use this info rather than calls to random().
- Or, if you must, at least periodically do
- srandom(random() ^ random_info[i++ % info_count]);
- so that the random info gets folded into your calculations.
-
- Tom Truscott
-
