In the last episode (Jan 08), Garrett Cooper said: > On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: > > > >Even better: make RANDOM() call random() instead of rand(), and > >initialize the rng with srandomdev(). > > > >Another random password generator is in security/apg, and that one > >already uses /dev/random as a seed. > > Not all architectures support random number generation though IIRC > and random number generation can be removed from the kernel, so I > think that the dev was playing it safe by using another, less random > seed source than /dev/random or /dev/urandom.
Luckily, if srandomdev() can't open /dev/random, it falls back to seeding with gettimeofday() (so more variability than just time()), getpid(), and some random data off the stack, so it's always safe to use. I just noticed that there's also a sranddev, so fixing pwgen is really as simple as replacing the srand() call with sranddev(). -- Dan Nelson [EMAIL PROTECTED] _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"