swordfish --- a password generator Post: 302081450

Sponsored Content

Special Forums Cybersecurity swordfish --- a password generator Post 302081450 by Perderabo on Tuesday 25th of July 2006 11:19:23 AM

07-25-2006

Administrator Emeritus

I will post a new copy of swordfish making these changes:

Code:

In the weak_start_tigershark function: the line in green is new.

function weak_start_tigershark
{
        typeset -i  i final duration
        ((final=SECONDS+2))

        while((SECONDS < final)) ; do
                i=$RANDOM
        done

        ((Carry=0))
        ((X0=$$))
        ((X1=RANDOM))
        ((X2=RANDOM))
        ((X3=RANDOM))
        ((DEBUG)) && echo weakstart X3=$X3 X2=$X2 X1=$X1 X0=$X0 Carry=$Carry
        Sum=0
        ((Stigershark=Stigershark+1))
        return 0
}


In the Main section: The lines in red go away:

if [[ $Entropy = $ZeroEntropy ]] ; then
                echo "********************************" >&2
                echo "*                              *" >&2
                echo "*  Warning:  Entropy is zero!  *" >&2
                echo "*                              *" >&2
                echo "********************************" >&2
                echo generating weak entropy... >&2
                weak_start_tigershark
                status_tigershark
                entropy_generator 1 array
                echo  Entropy = ${Entropy}
                NeedMoreEntropy=1
fi

It is too early in the program to call status_tigershark since linecount has not be initialized and also it is sending unsolicted output to stdout. And that "echo Entropy" should have been directed to stderr as well. The remaining error message should be enough to call attention to the fact that swordfish is not operating in an optimum manner. And the user can always turn on debug mode for more output.

Yes, my intent is that swordfish be invoked always in the same directory. swordfish maintains an entropy file which is random data used to initialize the internal random number generator. But the first time the random number generator is called, there won't be an entropy file. So swordfish will initialize the RNG from /dev/urandom or /dev/random. If neither of those is available then swordfish is stuck with no decent source of initial random numbers. So it invokes the internal ksh RANDOM routine to get a few random numbers and it uses its current PID for one more random number. It first spends a couple of seconds burning off some of KSH's random numbers so it is not as bad as it might otherwise be. But it still complains about the situation. This is what is happening to you. Even HP-UX finally implemented /dev/random in 11.23. What OS are you using without a /dev/random?

If you really want to call swordfish from arbitrary directories, you could change the line:
ENTROPYFILE=swordfish.ent
to be an obsolute path to your entropy file. But remember, if other people can read your entropy file, they might be able to predict the passwords it
will generate.

Perderabo

View Public Profile for Perderabo

Find all posts by Perderabo

7 More Discussions You Might Find Interesting

1. Cybersecurity

Password Generator

I need a great Password Generator program. I looked at a few of them, but none of them seemed to be what I wanted. So I have decided to write my own. (That's the cool thing about being a programmer....I always get what I want in software :) ) Do you have any password generators that you...

2. UNIX for Dummies Questions & Answers

date generator

Is there a command to generate the unix date that is in theshadow file?>?

3. Shell Programming and Scripting

time generator

Hi experts, I'd like to generate the table/file containing: number of milliseconds elapsed since midnight till midnight. It should contain 5 columns (hours minutes seconds milliseconds): Table will have theoretically 86 400 000 rows. My question is , is there somewhere the file or source...

4. Shell Programming and Scripting

Sequence generator

Thanks Guys This really helped

5. UNIX for Beginners Questions & Answers

Password generator with user inputs

Hi, I am new to bash scripting and i wanted to make a bash script that will generate a password for a user. The user must enter his/her name and the url of the site the password is used for. And the script will generate a password with those two elements in the password. So if the url is...

6. Shell Programming and Scripting

Random Password generator with 2 digits and 6 characters

I am using the below to random generate a password but I need to have 2 numeric characters and 6 alphabetic chars head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8 ; echo '' 6USUvqRB ------ Post updated at 04:43 PM ------ Any Help folks - Can the output be passed onto a sed command to...

7. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own...

LEARN ABOUT DEBIAN

data::entropy::rawsource::local

Data::Entropy::RawSource::Local(3pm)			User Contributed Perl Documentation		      Data::Entropy::RawSource::Local(3pm)

NAME

       Data::Entropy::RawSource::Local - read randomness from local device

SYNOPSIS

	       use Data::Entropy::RawSource::Local;

	       my $rawsrc = Data::Entropy::RawSource::Local->new;

	       $rawsrc->sysread($c, 1);
	       # and the rest of the I/O handle interface

DESCRIPTION

       This class provides a constructor to open an I/O handle connected to a local source of random octets.  This may be a strong entropy source,
       depending on the OS, but not every OS has such a facility at all.

       There are no actual objects blessed into this class.  Only the constructor belongs to this class; it returns "IO::File" objects.  For use
       as a general entropy source, it is recommended to wrap the handle using "Data::Entropy::Source", which provides methods to extract entropy
       in more convenient forms than mere octets.

       On systems with a blocking /dev/random, such as Linux, the bits generated can be totally unbiased and uncorrelated.  Such an entropy stream
       is suitable for all uses, including security applications.  However, the rate of entropy generation is limited, so applications requiring a
       large amount of apparently-random data might prefer to fake it cryptographically (see Data::Entropy::RawSource::CryptCounter).

       On systems where /dev/random does not block, the bits generated are necessarily correlated to some extent, but it should be
       cryptographically difficult to detect the correlation.  Such an entropy source is not suitable for all applications.  Some other systems
       lack /dev/random entirely.  If satisfactory entropy cannot be generated locally, consider downloading it from a server (see
       Data::Entropy::RawSource::RandomOrg and Data::Entropy::RawSource::RandomnumbersInfo).

CONSTRUCTOR

       Data::Entropy::RawSource::Local->new([FILENAME])
	   Opens a file handle referring to the randomness device, or "die"s on error.	The device opened is /dev/random by default, but this may
	   be overridden by giving a FILENAME argument.

	   The default device name may in the future be different on different OSes, if their equivalent devices are in different places.

METHODS

       There are no actual objects blessed into this class.  The constuctor returns "IO::File" objects.  See IO::File for the interface.  It is
       recommended to use unbuffered reads (the "sysread" method) rather than buffered reads (the "getc" method et al), to avoid wasting entropy
       that could be used by another process.

SEE ALSO

       Data::Entropy::RawSource::CryptCounter, Data::Entropy::RawSource::RandomOrg, Data::Entropy::RawSource::RandomnumbersInfo,
       Data::Entropy::Source, IO::File

AUTHOR

       Andrew Main (Zefram) <zefram@fysh.org>

COPYRIGHT

       Copyright (C) 2006, 2007, 2009, 2011 Andrew Main (Zefram) <zefram@fysh.org>

LICENSE

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.12.3							    2011-05-09				      Data::Entropy::RawSource::Local(3pm)