Re: /dev/urandom is randomly cool
On Tue, Oct 08, 2002 at 12:30:27AM -0400, Peter Leftwich wrote:
On Mon, 7 Oct 2002, Oliver Fromme wrote:
Peter Leftwich [EMAIL PROTECTED] wrote:
On Sun, 6 Oct 2002, Fernando Gleiser wrote:
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

It didn't work. My shell is tcsh so I tried:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=8 count=1 >& /dev/null

And all I got was the next prompt.

Yep, csh and tcsh suck pretty much. Not being able to separately redirect stderr easily is one of the reasons.

Bizarre. From now on I'll have to insert `bash ; ` before commands :)

Umm, that won't work, but I really can't tell if you're joking or not.

Ceri

--
you can't see when light's so strong
you can't see when light is gone

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: /dev/urandom is randomly cool
Date: Tue, 8 Oct 2002 00:30:27 -0400 (EDT)
From: Peter Leftwich [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

On Mon, 7 Oct 2002, Oliver Fromme wrote:
Peter Leftwich [EMAIL PROTECTED] wrote:
On Sun, 6 Oct 2002, Fernando Gleiser wrote:
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

In this particular case, you can use head instead of dd:

    tr -cd a-zA-Z0-9 < /dev/urandom | head -c 8

Thanks for that! I was trying `cut -c` and didn't realize head had that flag. Now I can generate 8 characters:

    # tr -cd a-zA-Z0-9 < /dev/urandom | head -c 8 ; echo
    0tXx3p3m

...and random phone numbers :)

    # tr -cd 0-9 < /dev/urandom | head -c 10 ; echo
    5031594488

Why is this an entropy pool and not an entropy ocean? Is there a way to cat /dev/dsp or analyze my soundcard's mic-in and sample randomness?

Just how random is your sound card input? That is very dependent on details of the A-D conversion and it may be FAR from really random. The system is justifiably paranoid!

If you add some devices to the entropy generator, you will get an entropy ocean! I recommend the keyboard and mouse for a workstation. The network interface is USUALLY a good one. The disk interface is possible, but can be less random than is ideal. Clocks are a bad idea. :-)

Use vmstat -i to get a list of interrupt sources on your system and use rndcontrol to add them to the entropy engine.

    # vmstat -i
    interrupt      total      rate
    ata0 irq14     3240348    10
    ata1 irq15     4          0
    mux irq11      1342389    4
    pcm0 irq10     3401       0
    fdc0 irq6      2          0
    atkbd0 irq1    58469      0
    psm0 irq12     872780     2
    sio0 irq4      441098     1
    clk irq0       31225225   99
    rtc irq8       39970907   128
    Total          77154623   247

    # rndcontrol -s 11 -s 1 -s 12
    rndcontrol: setting irq 1
    rndcontrol: setting irq 11
    rndcontrol: setting irq 12
    rndcontrol: interrupts in use: 1 11 12

This is a pretty good way to get some significant data into the system. The mouse/keyboard are always the best choices. The network is normally pretty good, although some activity is pretty regular, but not to the degree that should impact entropy.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Re: /dev/urandom is randomly cool
Use vmstat -i to get a list of interrupt sources on your system and use rndcontrol to add them to the entropy engine.

This is very interesting. I have just guessed my entropy interrupts. Thanks for the tip!

    # vmstat -i
    interrupt      total      rate
    ata0 irq14     3240348    10
    ata1 irq15     4          0
    mux irq11      1342389    4
    pcm0 irq10     3401       0
    fdc0 irq6      2          0
    atkbd0 irq1    58469      0
    psm0 irq12     872780     2
    sio0 irq4      441098     1
    clk irq0       31225225   99
    rtc irq8       39970907   128
    Total          77154623   247

... but what does the 'mux' stand for? My laptop shows it, too. From the context I guess it is network activity, but there is no such device or kernel option. The NICs don't show up as themselves. man vmstat didn't tell.

--
Cheers, Petri
Metis / Petri Riihikallio
GSM: +358 400 505 939
Re: /dev/urandom is randomly cool
Date: Tue, 8 Oct 2002 23:22:19 +0300
From: Petri Riihikallio [EMAIL PROTECTED]

Use vmstat -i to get a list of interrupt sources on your system and use rndcontrol to add them to the entropy engine.

This is very interesting. I have just guessed my entropy interrupts. Thanks for the tip!

    # vmstat -i
    interrupt      total      rate
    ata0 irq14     3240348    10
    ata1 irq15     4          0
    mux irq11      1342389    4
    pcm0 irq10     3401       0
    fdc0 irq6      2          0
    atkbd0 irq1    58469      0
    psm0 irq12     872780     2
    sio0 irq4      441098     1
    clk irq0       31225225   99
    rtc irq8       39970907   128
    Total          77154623   247

... but what does the 'mux' stand for? My laptop shows it, too. From the context I guess it is network activity, but there is no such device or kernel option. The NICs don't show up as themselves. man vmstat didn't tell.

mux is the device name given to all devices using the shared PCI interrupt. On most laptops all PCMCIA cards as well as the PCMCIA controller(s) and USB controllers use a single interrupt (unless this is disabled by sysctl). So this device covers anything you plug into a PCMCIA slot and anything in a mini-PCI slot on most laptops or the PCI on most desktops.

You can usually track down what uses it by scanning the dmesg output. On my Dell desktop I see the graphics card, the Ethernet, and one USB all use IRQ 11 and are included in the mux device.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Re: /dev/urandom is randomly cool
On Mon, 7 Oct 2002, Oliver Fromme wrote:
Peter Leftwich [EMAIL PROTECTED] wrote:
On Sun, 6 Oct 2002, Fernando Gleiser wrote:
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

It didn't work. My shell is tcsh so I tried:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=8 count=1 >& /dev/null

And all I got was the next prompt.

Yep, csh and tcsh suck pretty much. Not being able to separately redirect stderr easily is one of the reasons.

Bizarre. From now on I'll have to insert `bash ; ` before commands :)

In this particular case, you can use head instead of dd:

    tr -cd a-zA-Z0-9 < /dev/urandom | head -c 8

Thanks for that! I was trying `cut -c` and didn't realize head had that flag. Now I can generate 8 characters:

    # tr -cd a-zA-Z0-9 < /dev/urandom | head -c 8 ; echo
    0tXx3p3m

...and random phone numbers :)

    # tr -cd 0-9 < /dev/urandom | head -c 10 ; echo
    5031594488

If your intention is to generate passwords, then you should also include special characters, not just letters and digits. I once wrote a small shell script to generate good passwords:

    http://www.secnetix.de/~olli/scripts/genpwd

Nope.

After installing it somewhere in your $PATH (for example in /usr/local/bin) and making it executable, type

    genpwd -h

Do any other flavors of unix come with password generators?

for usage information. It also uses /dev/urandom, if it exists, but it also works fine without -- you can easily remove that part from the script (three lines) and it will still work with sufficient randomness, without having to touch your kernel's entropy pool.

Why is this an entropy pool and not an entropy ocean? Is there a way to cat /dev/dsp or analyze my soundcard's mic-in and sample randomness?

BTW, the script can also be (ab)used for other things. There are two examples in the usage message.

Regards
Oliver

Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
All that we see or seem is just a dream within a dream (E. A. Poe)

Thanks again Oliver.

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555
Re: /dev/urandom is randomly cool
On Sat, 5 Oct 2002, Peter Leftwich wrote:

I was sorting through my /usr/X11R6/bin/startx text-file and noticed:

    mcookie=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e \\"%08x\\"`

I started playing around with `cat /dev/urandom` and `head -1 /dev/urandom` so my question is... How can I use the head -1 method and change the output into just [A-Za-z0-9] and no spaces or punctuation? And specify length?

Why head -1...? /dev/random isn't very line oriented. Oh, well, nevermind.

One way of doing what you want is:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

Which will give you $len random bytes from the set a-zA-Z0-9 (it reads a lot more from /dev/urandom than it produces though).

Another answer is, as always, use perl :-)

$.02,
/Mikko
Re: /dev/urandom is randomly cool
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

Which will give you $len random bytes from the set a-zA-Z0-9 (it reads a lot more from /dev/urandom than it produces though).

yes, and that is bad :(

It is not good to mess with /dev/[u]random more than what's really needed, because you can exhaust the entropy pool, and that's a Bad Thing.

In your home box, for learning purposes, that's OK, but in a production box which needs a good working prng (for crypto session keys, auth cookies and the like) it is not acceptable to eat all the entropy pool unless you have a very good reason to do so.

Fer

Another answer is, as always, use perl :-)

$.02,
/Mikko
Re: /dev/urandom is randomly cool
On Sun, 6 Oct 2002, Fernando Gleiser wrote:
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

It didn't work. My shell is tcsh so I tried:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=8 count=1 >& /dev/null

And all I got was the next prompt.

Which will give you $len random bytes from the set a-zA-Z0-9 (it reads a lot more from /dev/urandom than it produces though).

yes, and that is bad :(

It is not good to mess with /dev/[u]random more than what's really needed, because you can exhaust the entropy pool, and that's a Bad Thing.

How large (deep?) is this entropy pool?

In your home box, for learning purposes, that's OK, but in a production box which needs a good working prng (for crypto session keys, auth cookies and the like) it is not acceptable to eat all the entropy pool unless you have a very good reason to do so.

Fer

They ought to build motherboards with tiny lava lamps for randomness :)

Another answer is, as always, use perl :-)

$.02,
/Mikko

Yeah yeah-yeah. It's just nice having an all-inclusive OS, that's all!

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555
Re: /dev/urandom is randomly cool
On Sun, 6 Oct 2002, Fernando Gleiser wrote:
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

Which will give you $len random bytes from the set a-zA-Z0-9 (it reads a lot more from /dev/urandom than it produces though).

yes, and that is bad :(

I know. That is why I mentioned it. You snipped the part where I said that the above is one way of accomplishing the task, as opposed to the only way or the best way, much like slowsort is one way to sort data :)

If the characters / and + are added to the set of acceptable output characters, then the solution is dd the right amount of data and feed to your favourite base64 encoder. As the problem was formulated, you'd need a base62 encoder.

It is not good to mess with /dev/[u]random more than what's really needed, because you can exhaust the entropy pool, and that's a Bad Thing.

/dev/urandom does not get exhausted, it just gets diluted. Still sub-optimal, but not a total disaster.

In your home box, for learning purposes, that's OK, but in a production box which needs a good working prng (for crypto session keys, auth cookies and the like) it is not acceptable to eat all the entropy pool unless you have a very good reason to do so.

Agreed.

$.02,
/Mikko
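An added example, not written by anyone in this thread: a POSIX sh function that produces the same kind of string while reading only a bounded block from /dev/urandom per pass, which is the over-reading concern raised in the messages above. The name randstr and the 6x read factor are choices made for this example.

```shell
#!/bin/sh
# randstr LEN [SET]
# Print LEN characters drawn uniformly from SET (a tr-style set, default
# A-Za-z0-9). Hypothetical helper written for this example.
randstr() (
    len=$1
    charset=${2:-A-Za-z0-9}
    # Reject anything that is not a plain non-negative integer.
    case $len in
        ''|*[!0-9]*) echo "usage: randstr LEN [SET]" >&2; exit 2 ;;
    esac
    out=
    while [ "${#out}" -lt "$len" ]; do
        need=$((len - ${#out}))
        # Read a bounded block instead of streaming the device through tr.
        # 62 of 256 byte values survive the default filter, so 6x the
        # shortfall usually completes in one pass; the loop covers the rest.
        # Dropping unwanted bytes (not mapping them with modulo) keeps every
        # accepted character equally likely. LC_ALL=C makes tr treat the
        # input as raw bytes in multibyte locales.
        chunk=$(dd if=/dev/urandom bs=$((need * 6)) count=1 2>/dev/null |
                LC_ALL=C tr -dc "$charset" | head -c "$need")
        out=$out$chunk
    done
    printf '%s\n' "$out"
)

randstr 8        # eight alphanumerics, as in the thread
randstr 10 0-9   # ten digits
```

The body runs in a subshell, so its variables do not leak into the calling shell, and the redirections use Bourne syntax, so under tcsh it has to be run through sh.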
Re: /dev/urandom is randomly cool
    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

It didn't work. My shell is tcsh so I tried:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=8 count=1 >& /dev/null

`>&` redirects stderr *and* stdout.

--
Richard
Re: /dev/urandom is randomly cool
Peter Leftwich [EMAIL PROTECTED] wrote:
On Sun, 6 Oct 2002, Fernando Gleiser wrote:
On Sun, 6 Oct 2002, Mikko Työläjärvi wrote:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=$len count=1 2>/dev/null

It didn't work. My shell is tcsh so I tried:

    tr -cd a-zA-Z0-9 < /dev/urandom | dd bs=8 count=1 >& /dev/null

And all I got was the next prompt.

Yep, csh and tcsh suck pretty much. Not being able to separately redirect stderr easily is one of the reasons.

In this particular case, you can use head instead of dd:

    tr -cd a-zA-Z0-9 < /dev/urandom | head -c 8

If your intention is to generate passwords, then you should also include special characters, not just letters and digits. I once wrote a small shell script to generate good passwords:

    http://www.secnetix.de/~olli/scripts/genpwd

After installing it somewhere in your $PATH (for example in /usr/local/bin) and making it executable, type

    genpwd -h

for usage information. It also uses /dev/urandom, if it exists, but it also works fine without -- you can easily remove that part from the script (three lines) and it will still work with sufficient randomness, without having to touch your kernel's entropy pool.

BTW, the script can also be (ab)used for other things. There are two examples in the usage message.

Regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.
All that we see or seem is just a dream within a dream (E. A. Poe)
/dev/urandom is randomly cool
I was sorting through my /usr/X11R6/bin/startx text-file and noticed:

    mcookie=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e \\"%08x\\"`

I started playing around with `cat /dev/urandom` and `head -1 /dev/urandom` so my question is... How can I use the head -1 method and change the output into just [A-Za-z0-9] and no spaces or punctuation? And specify length?

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555