Garrett Cooper wrote:
Dan Nelson wrote:
In the last episode (Jan 08), Garrett Cooper said:
On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote:
Even better: make RANDOM() call random() instead of rand(), and
initialize the rng with srandomdev().

Another random password generator is in security/apg, and that one
already uses /dev/random as a seed.
Not all architectures support random number generation though IIRC
and random number generation can be removed from the kernel, so I
think that the dev was playing it safe by using another, less random
seed source than /dev/random or /dev/urandom.

Luckily, if srandomdev() can't open /dev/random, it falls back to
seeding with gettimeofday() (so more variability than just time()),
getpid(), and some random data off the stack, so it's always safe to
use.  I just noticed that there's also a sranddev, so fixing pwgen is
really as simple as replacing the srand() call with sranddev()
Interesting--I didn't know that. That sounds a lot better than what's in place by a long shot and it would be nice to have that in the program considering that random number generators are quite ubiquitous in Unix nowadays.
   I'll CC the project devs later on today with this thread then.
Hmm.. it seems that the project hasn't been updated in eons (2001): <>. I'll still try to get a hold of the dev, but I'm not sure if they are still administering the project.
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to