Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Generate a random password
Top Forums Shell Programming and Scripting Generate a random password Post 302139501 by Perderabo on Sunday 7th of October 2007 06:53:10 PM
Old 10-07-2007
Quote:
Originally Posted by caiser
Whats wrong with:

[code]cat /dev/urandom| .....
Since you asked, the problems start with your use of /dev/urandom. As one example, see "Analysis of the Linux Random Number Generator", March 6, 2006 by Gutterman, Pinkas, and Reinman.

Quote:
Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence
numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches. We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on disk-less devices.
In addition, your generator will not constrain its output to produce passwords that are easy for a human to remember.

I really encourage anyone who thinks that they have a method of generating random passwords to formally test that assumption. My script's output has passed the Diehard suite. And here is a clue, you need a random number generator that can pass Diehard. I am not aware of any version of unix or linux that comes with any random number generator that can do that. Passing Diehard is tough. No linear congruential generator, such as rand(), will even come close.

Note that even if /dev/urandom is reengineered to output random numbers, the fact that other users on the system can examine the current state of the generator and then compute previous states continues to be a problem. You really need a method that will deliver a stream of random numbers to you and only to you.
 

10 More Discussions You Might Find Interesting

1. Programming

How to generate a random number?

How to generate a random integer with specific range(for example, from 1 to 1000)? Also, how to convert a floating point number into a integer? (2 Replies)
Discussion started by: MacMonster
2 Replies

2. Programming

Generate Random Password in C

I need a function to generate a random alphanumeric password in C code. It needs to be between 6-8 characters and follow the following rules: Reject if same char appears # time: 4 or more Reject if same char appears consecutively: 3 or more I have the following random password working for... (2 Replies)
Discussion started by: vjaws
2 Replies

3. Shell Programming and Scripting

How to generate random strings from regx?

Hi, Guz! I'm working on a scripts compiler which needs a function to generate random strings. I think REGX may be a good solution to restrict the string format. Before DIYing I'd like asking for any existing libs or codes. Any help will be appreciated! (7 Replies)
Discussion started by: wqqafnd
7 Replies

4. Programming

Generate random number

I saw this formula to generate random number between two specified values in shell script.the following. $(((RANDOM%(max-min+divisibleBy))/divisibleBy*divisibleBy+min)) Give a example in book. Generate random number between 6 and 30.like this. $(((RANDOM%30/3+1)*3)) But I have a... (1 Reply)
Discussion started by: luoluo
1 Replies

5. Ubuntu

expect script for random password and random commands

Hi I am new to expect. Please if any one can help on my issue its really appreciable. here is my issue: I want expect script for random passwords and random commands generation. please can anyone help me? Many Thanks in advance (0 Replies)
Discussion started by: vanid
0 Replies

6. Programming

generate array of random numbers

hi guys, I am writing a c program that generates a two dimensional array to make matrix and a vector of random numbers and perform multiplication. I can't figure out whats wrong with my code. It generates a matrix of random numbers but all the numbers in the vector array is same and so is the... (2 Replies)
Discussion started by: saboture88
2 Replies

7. Shell Programming and Scripting

generate random base 16

How would you use bash to generate a random 32 digit number base 16? Like this one: 0cc06f2fa0166913291afcb788717458 (8 Replies)
Discussion started by: locoroco
8 Replies

8. Shell Programming and Scripting

Generate random numbers in script

i want to generate a random number through a script, and even if anyone reads the script, they wont be able to figure out what the random number is. only the person who setup the script would know it. something like this could work: random the full thread is here: ... (13 Replies)
Discussion started by: SkySmart
13 Replies

9. Shell Programming and Scripting

Need to generate a file with random data. /dev/[u]random doesn't exist.

Need to use dd to generate a large file from a sample file of random data. This is because I don't have /dev/urandom. I create a named pipe then: dd if=mynamed.fifo do=myfile.fifo bs=1024 count=1024 but when I cat a file to the fifo that's 1024 random bytes: cat randomfile.txt >... (7 Replies)
Discussion started by: Devyn
7 Replies

10. Shell Programming and Scripting

Help with generate a pair of random number

Hi, Is anybody experience generate a pair of random number by using awk command? I wanna to generate a pair of random number (range from 1 to 4124) and repeats it 416 times. Desired output 2 326 123 1256 341 14 3245 645 . . . I did write the below command: awk... (5 Replies)
Discussion started by: perl_beginner
5 Replies

LEARN ABOUT DEBIAN

makepasswd

makepasswd(1)						       UNIX Reference Manual						     makepasswd(1)

NAME

       makepasswd - generate and/or encrypt passwords

SYNOPSIS

       makepasswd [ --chars N ] [ --clearfrom file ] [ --count N ] [ --crypt | --nocrypt | --crypt-md5 ] [ --cryptsalt N ] [ --help ] [ --maxchars
       N ] [ --minchars N ] [ --randomseed N ] [ --rerandom N ] [ --repeatpass N ] [ --string string ] [ --verbose | --noverbose ]

DESCRIPTION

       makepasswd generates true random passwords using /dev/urandom, with the emphasis on security over pronounceability.  It	can  also  encrypt
       plaintext passwords given on the command line.

OPTIONS

       --chars N
	      Generate passwords with exactly N characters (do not use with options --minchars and --maxchars).

       --clearfrom FILE
	      Use password from FILE instead of generating passwords.  Requires the --crypt or the --crypt-md5 options; may not be used with these
	      options: --chars, --maxchars, --minchars, --count, --string, --nocrypt.  Trailing newlines are removed but other white space is not.

       --count N
	      Produce a total of N passwords (the default is one).

       --crypt
	      Produce encrypted passwords.

       --crypt-md5
	      Produce encrypted passwords using the MD5 digest (hash) algorithm.

       --cryptsalt N
	      Use crypt() salt N, a positive number <= 4096.  If random seeds are desired, specify a zero value (the default).

       --help Ignore other operands and produce only a help display.

       --maxchars N
	      Generate passwords with at most N characters (default = 10).

       --minchars N
	      Generate passwords with at least N characters (default = 8).

       --nocrypt
	      Do not encrypt the generated password(s) (the default).

       --noverbose
	      Display no labels on output (the default).

       --randomseed N
	      Use random number seed N, between 0 and 2^32 inclusive.  A zero value results in a  real-random  seed.   This  generates	much  less
	      secure passwords than the default; not only does it generate predictable passwords due to the fixed seed, but the range of available
	      seeds is 32 bits rather than the default of 256 bits, and cannot be changed without breaking expectations of previous users of  this
	      option.  If possible, do not use this option.

       --rerandom N
	      Set  the random seed value every N values used.  Specify zero to use a single seed value (the default). Specify one to get true-ran-
	      dom passwords, though note that doing this too frequently will deplete the supply of entropy available in the kernel's entropy pool.

       --repeatpass N
	      Use each password N times (4096 maximum, --crypt must be set and --cryptsalt may not be set).

       --string STRING
	      Use the characters in STRING to generate random passwords.

       --verbose
	      Display labelling information on output.

HISTORY

       makepasswd was originally part of the mkircconf program used to centrally administer the Linux Internet Support	Cooperative  IRC  network.
       It may potentially be of use in any situation where passwords must be secure and need not be memorized by humans.

       Colin Watson modified it to use OpenSSL's pseudo-random number generator.

COPYRIGHT

       Copyright  (c) 1997-1998 by lilo <lilo@linpeople.org>.  All rights are reserved by the author.  This program may be used under the terms of
       version 2 of the GNU Public License.

SEE ALSO

       passwd(5)

Debian Distribution						  1998 February 9						     makepasswd(1)
All times are GMT -4. The time now is 09:29 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy