Bulat Ziganshin <[EMAIL PROTECTED]> wrote: > Hello Bit, > > Wednesday, October 29, 2008, 4:32:51 PM, you wrote: > > >> It's a good idea to salt your passwords before hashing, though. See > > What can be used for generating a random salt? Is System.Random > > secure enough? > > if you use mkStdRNG it's good enough for non high-secure programs. it > inits rnd generator with current time upo to picoseconds (if your OS > provides such granularity). you can add a bit f security by reading a > few bytes from /dev/urandom and passing these to mkStdRNG > ...or by pinging a random host and taking the time difference, checking the current cpu temperature and fan speed, counting how many times your process gets suspended in a certain amount of time, taking a picture of a lava lamp and hashing it, booting windows, not doing anything, and measure the time it takes to crash, hashing a snapshot of the slashdot frontpage, and, last, but not least, measuring the amount of spam per second currently swooshing into your mail account.
-- (c) this sig last receiving data processing entity. Inspect headers for copyright history. All rights reserved. Copying, hiring, renting, performance and/or quoting of this signature prohibited. _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe