Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: swordfish --- a password generator
Special Forums Cybersecurity swordfish --- a password generator Post 302081450 by Perderabo on Tuesday 25th of July 2006 11:19:23 AM
Old 07-25-2006
I will post a new copy of swordfish making these changes:
Code:
In the weak_start_tigershark function: the line in green is new.

function weak_start_tigershark
{
        typeset -i  i final duration
        ((final=SECONDS+2))

        while((SECONDS < final)) ; do
                i=$RANDOM
        done

        ((Carry=0))
        ((X0=$$))
        ((X1=RANDOM))
        ((X2=RANDOM))
        ((X3=RANDOM))
        ((DEBUG)) && echo weakstart X3=$X3 X2=$X2 X1=$X1 X0=$X0 Carry=$Carry
        Sum=0
        ((Stigershark=Stigershark+1))
        return 0
}


In the Main section: The lines in red go away:

if [[ $Entropy = $ZeroEntropy ]] ; then
                echo "********************************" >&2
                echo "*                              *" >&2
                echo "*  Warning:  Entropy is zero!  *" >&2
                echo "*                              *" >&2
                echo "********************************" >&2
                echo generating weak entropy... >&2
                weak_start_tigershark
                status_tigershark
                entropy_generator 1 array
                echo  Entropy = ${Entropy}
                NeedMoreEntropy=1
fi

It is too early in the program to call status_tigershark since linecount has not be initialized and also it is sending unsolicted output to stdout. And that "echo Entropy" should have been directed to stderr as well. The remaining error message should be enough to call attention to the fact that swordfish is not operating in an optimum manner. And the user can always turn on debug mode for more output.

Yes, my intent is that swordfish be invoked always in the same directory. swordfish maintains an entropy file which is random data used to initialize the internal random number generator. But the first time the random number generator is called, there won't be an entropy file. So swordfish will initialize the RNG from /dev/urandom or /dev/random. If neither of those is available then swordfish is stuck with no decent source of initial random numbers. So it invokes the internal ksh RANDOM routine to get a few random numbers and it uses its current PID for one more random number. It first spends a couple of seconds burning off some of KSH's random numbers so it is not as bad as it might otherwise be. But it still complains about the situation. This is what is happening to you. Even HP-UX finally implemented /dev/random in 11.23. What OS are you using without a /dev/random?

If you really want to call swordfish from arbitrary directories, you could change the line:
ENTROPYFILE=swordfish.ent
to be an obsolute path to your entropy file. But remember, if other people can read your entropy file, they might be able to predict the passwords it
will generate.
 

7 More Discussions You Might Find Interesting

1. Cybersecurity

Password Generator

I need a great Password Generator program. I looked at a few of them, but none of them seemed to be what I wanted. So I have decided to write my own. (That's the cool thing about being a programmer....I always get what I want in software :) ) Do you have any password generators that you... (13 Replies)
Discussion started by: Perderabo
13 Replies

2. UNIX for Dummies Questions & Answers

date generator

Is there a command to generate the unix date that is in theshadow file?>? (2 Replies)
Discussion started by: BG_JrAdmin
2 Replies

3. Shell Programming and Scripting

time generator

Hi experts, I'd like to generate the table/file containing: number of milliseconds elapsed since midnight till midnight. It should contain 5 columns (hours minutes seconds milliseconds): Table will have theoretically 86 400 000 rows. My question is , is there somewhere the file or source... (7 Replies)
Discussion started by: hernand
7 Replies

4. Shell Programming and Scripting

Sequence generator

Thanks Guys This really helped (5 Replies)
Discussion started by: robert89
5 Replies

5. UNIX for Beginners Questions & Answers

Password generator with user inputs

Hi, I am new to bash scripting and i wanted to make a bash script that will generate a password for a user. The user must enter his/her name and the url of the site the password is used for. And the script will generate a password with those two elements in the password. So if the url is... (0 Replies)
Discussion started by: Kvr123
0 Replies

6. Shell Programming and Scripting

Random Password generator with 2 digits and 6 characters

I am using the below to random generate a password but I need to have 2 numeric characters and 6 alphabetic chars head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8 ; echo '' 6USUvqRB ------ Post updated at 04:43 PM ------ Any Help folks - Can the output be passed onto a sed command to... (9 Replies)
Discussion started by: infernalhell
9 Replies

7. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

LEARN ABOUT CENTOS

doveadm-pw

DOVEADM-PW(1)							      Dovecot							     DOVEADM-PW(1)

NAME

       doveadm-pw - Dovecot's password hash generator

SYNOPSIS

       doveadm [-Dv] pw -l
       doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
       doveadm [-Dv] pw -t hash [-p password] [-u user]

DESCRIPTION

       doveadm pw is used to generate password hashes for different password schemes and optionally verify the generated hash.

       All  generated  password  hashes  have  a {scheme} prefix, for example {SHA512-CRYPT.HEX}.  All passdbs have a default scheme for passwords
       stored without the {scheme} prefix.  The default scheme can be overridden by storing the password with the scheme prefix.

OPTIONS

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -l     List all supported password schemes and exit successfully.
	      There are up to three optional password schemes: BLF-CRYPT (Blowfish  crypt),  SHA256-CRYPT and  SHA512-CRYPT.   Their  availability
	      depends on the system's currently used libc.

       -p password
	      The  plain  text password for which the hash should be generated.  If no password was given doveadm(1) will prompt interactively for
	      one.

       -r rounds
	      The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT supports a variable number of encryption rounds.  The following  table
	      shows  the  minimum/maximum number of encryption rounds per scheme.  When the -r option was omitted the default number of encryption
	      rounds will be applied.

	       Scheme	    | Minimum | Maximum   | Default
	      ----------------------------------------------
	       BLF-CRYPT    |	    4 |        31 |	  5
	       SHA256-CRYPT |	 1000 | 999999999 |    5000
	       SHA512-CRYPT |	 1000 | 999999999 |    5000

       -s scheme
	      The password scheme which should be used to generate the hashed password.  By default the CRAM-MD5 scheme will be used.  It is  also
	      possible to append an encoding suffix to the scheme.  Supported encoding suffixes are: .b64, .base64 and .hex.
	      See also http://wiki2.dovecot.org/Authentication/PasswordSchemes for more details about password schemes.

       -t hash
	      Test  if	the  given  password hash matches a given plain text password.	The plain text password may be passed using the -p option.
	      When no password was specified, doveadm(1) will prompt interactively for one.

       -u user
	      When the DIGEST-MD5 scheme is used, also the user name must be given, because the user name is a part of the  generated  hash.   For
	      more information about Digest-MD5 please read also: http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5

       -V     When  this option is given, the hashed password will be internally verified.  The result of the verification will be shown after the
	      hashed password, enclosed in parenthesis.

EXAMPLE

       The first password hash is a DIGEST-MD5 hash for jane.roe@example.com.  The second password hash is  a  CRAM-MD5  hash  for  john.doe@exam-
       ple.com.

       doveadm pw -s digest-md5 -u jane.roe@example.com
       Enter new password:
       Retype new password:
       {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
       doveadm pw
       Enter new password:
       Retype new password:
       {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b

REPORTING BUGS

       Report  bugs,  including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>.	Information about reporting bugs is avail-
       able at: http://dovecot.org/bugreport.html

SEE ALSO

       doveadm(1)

Dovecot v2.2							    2013-08-17							     DOVEADM-PW(1)
All times are GMT -4. The time now is 01:06 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy