10-07-2007
Quote:
Originally Posted by
caiser
Whats wrong with:
[code]cat /dev/urandom| .....
Since you asked, the problems start with your use of /dev/urandom. As one example, see "Analysis of the Linux Random Number Generator", March 6, 2006 by Gutterman, Pinkas, and Reinman.
Quote:
Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence
numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches. We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on disk-less devices.
In addition, your generator will not constrain its output to produce passwords that are easy for a human to remember.
I really encourage anyone who thinks that they have a method of generating random passwords to formally test that assumption. My script's output has passed the Diehard suite. And here is a clue, you need a random number generator that can pass Diehard. I am not aware of any version of unix or linux that comes with any random number generator that can do that. Passing Diehard is tough. No linear congruential generator, such as rand(), will even come close.
Note that even if /dev/urandom is reengineered to output random numbers, the fact that other users on the system can examine the current state of the generator and then compute previous states continues to be a problem. You really need a method that will deliver a stream of random numbers to you and only to you.
10 More Discussions You Might Find Interesting
1. Programming
How to generate a random integer with specific range(for example, from 1 to 1000)?
Also, how to convert a floating point number into a integer? (2 Replies)
Discussion started by: MacMonster
2 Replies
2. Programming
I need a function to generate a random alphanumeric password in C code. It needs to be between 6-8 characters and follow the following rules:
Reject if same char appears # time: 4 or more
Reject if same char appears consecutively: 3 or more
I have the following random password working for... (2 Replies)
Discussion started by: vjaws
2 Replies
3. Shell Programming and Scripting
Hi, Guz!
I'm working on a scripts compiler which needs a function to generate random strings. I think REGX may be a good solution to restrict the string format. Before DIYing I'd like asking for any existing libs or codes.
Any help will be appreciated! (7 Replies)
Discussion started by: wqqafnd
7 Replies
4. Programming
I saw this formula to generate random number between two specified values in shell script.the following.
$(((RANDOM%(max-min+divisibleBy))/divisibleBy*divisibleBy+min))
Give a example in book.
Generate random number between 6 and 30.like this.
$(((RANDOM%30/3+1)*3))
But I have a... (1 Reply)
Discussion started by: luoluo
1 Replies
5. Ubuntu
Hi
I am new to expect. Please if any one can help on my issue its really appreciable. here is my issue:
I want expect script for random passwords and random commands generation.
please can anyone help me?
Many Thanks in advance (0 Replies)
Discussion started by: vanid
0 Replies
6. Programming
hi guys,
I am writing a c program that generates a two dimensional array to make matrix and a vector of random numbers and perform multiplication. I can't figure out whats wrong with my code. It generates a matrix of random numbers but all the numbers in the vector array is same and so is the... (2 Replies)
Discussion started by: saboture88
2 Replies
7. Shell Programming and Scripting
How would you use bash to generate a random 32 digit number base 16?
Like this one:
0cc06f2fa0166913291afcb788717458 (8 Replies)
Discussion started by: locoroco
8 Replies
8. Shell Programming and Scripting
i want to generate a random number through a script, and even if anyone reads the script, they wont be able to figure out what the random number is. only the person who setup the script would know it.
something like this could work: random
the full thread is here:
... (13 Replies)
Discussion started by: SkySmart
13 Replies
9. Shell Programming and Scripting
Need to use dd to generate a large file from a sample file of random data. This is because I don't have /dev/urandom.
I create a named pipe then:
dd if=mynamed.fifo do=myfile.fifo bs=1024 count=1024
but when I cat a file to the fifo that's 1024 random bytes:
cat randomfile.txt >... (7 Replies)
Discussion started by: Devyn
7 Replies
10. Shell Programming and Scripting
Hi,
Is anybody experience generate a pair of random number by using awk command?
I wanna to generate a pair of random number (range from 1 to 4124) and repeats it 416 times.
Desired output
2 326
123 1256
341 14
3245 645
.
.
.
I did write the below command:
awk... (5 Replies)
Discussion started by: perl_beginner
5 Replies
LEARN ABOUT OSF1
randomchars
randomword(3) Library Functions Manual randomword(3)
NAME
randomword, randomchars, randomletters - Generate random passwords (Enhanced Security)
LIBRARY
Security Library - libsecurity.so
SYNOPSIS
int randomchars( char *string, unsigned short int minlen, unsigned short int maxlen, boolean restrict, long seed);
int randomletters( char *string, unsigned short int minlen, unsigned short int maxlen, boolean restrict, long
seed);
int randomword( char *word, char *hyphenated_word, unsigned short int minlen, unsigned short int maxlen, boolean
restrict, long seed);
PARAMETERS
Points at a user-supplied space to contain a null-terminated password. Specifies the minimum length that a generated word can have. Spec-
ifies the maximum length that a generated word can have. Specifies whether restrictions are to be imposed on the generated word. This is
a boolean integer, where a non-zero integer indications restrictions and a 0 (zero) indicates no restrictions. Specifies an initial seed
for the random number generator. Points at a user-supplied space to contain a null-terminated random pronounceable password. Contains the
hyphenated version of the generated word.
DESCRIPTION
These functions generate random passwords for use in password selection. All of them are generated by the system, based on seeds and set
in the function. Such seeds can be created with the drand48(), rand(), or random() functions.
The randomchars() function places a null-terminated password composed of random printable ASCII characters into the string parameter and
returns the length of the generated string. The minlen parameter can equal maxlen, but cannot be greater than maxlen, and cannot be nega-
tive. The user space preallocated is at least maxlen for string. The smaller minlen and maxlen are, the smaller the selection space of
random words.
The restrict parameter is 0 (zero) when no restrictions are placed on the generated word. It is nonzero when the words generated pass the
tests of the acceptable_password() function.
The seed parameter is used by the function only on the first time it is called; the parameter is ignored on subsequent calls.
The randomletters() function places a null-terminated password composed of random lower-case letters into the string parameter and returns
the length of the generated word. The minlen, maxlen, restrict, and seed parameters are the same as for the randomchars() function.
The randomword() function places a null-terminated random pronounceable password into the word parameter and returns the length of the gen-
erated word. The minlen, maxlen, restrict, and seed parameters are the same as for the randomchars() and randomletters() functions. The
user space preallocated is at least 2*max - 1 for hyphenated_word.
NOTES
The password generator relies on a random number generator that produces uniformly distributed integers. Because the password generator
invokes the random number generator many times even for one word, the random number generator has to produce a uniform distribution. The
period (distinct numbers produced given a particular seed) and number space (range of possible numbers) must both be large. The drand48()
functions are used for this purpose.
Programs using these functions must be compiled with -lsecurity.
FILES
System password file. System group file.
RELATED INFORMATION
Functions: acceptable_password(3), drand48(3), rand(3), random(3).
Commands: login(1), passwd(1). delim off
randomword(3)