passwdgen

Michal Moskal michal.moskal at gmail.com
Sat Aug 6 18:49:16 CEST 2005


On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> On Saturday 06 August 2005 17:50, Michal Moskal wrote:
> > On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> > > On Wednesday 03 August 2005 13:06, maHo wrote:
> > > > Hello
> > > >
> > > > #v+
> > > > $ passwdgen -1p@ --min=4 --max=6
> > > > #v-
> > > >
> > > > and it hangs.
> > >
> > > Because it uses /dev/random which is not very efficient (see strace).
> > > Would it be correct to use /dev/urandom? Does it contain the same amount
> > > of entropy or is it somehow simpler (and possibly less secure)?
> >
> > It depends on how paranoid you are. If you believe NSA, FSB or some
> > other kind of highly intelligent aliens are going to reverse SHA-1, so
> > they can guess next password based of the previous one then you should
> > definitely use /dev/random. OTOH if you believe it you should be also
> Ok, but would you trust a password generator that is based on rand function
> from glibc (which in turn returns values based only on system time)? If
> somebody knew you use this password generator he would have to check only
> several hundred thousands passwords to hit the right one. That would be a
> major security flaw.
> Thus the questions are:
> 1. How secure is /dev/urandom? Is it closer to /dev/random or to rand()?

It's far closer to /dev/random.

In the second paragraph I explained it -- /dev/urandom is the same as
/dev/random except it doesn't enforce that you read only as much as
you (well, the kernel) write to it. So if it lacks new random data, it
will generate it based on what's in the pool.

> 2. Should (according to specs) /dev/random be more secure than /dev/urandom?

Yes, because it doesn't require the SHA-1 function to be irreversible. This
is, however, quite a good assumption.

> 3. If /dev/urandom is supposed to be less secure but it is secure enough (in
> current kernel implementation) should passwdgen use it? Yes, because it
> works. No, because it could be insecure if kernel behaviour changes. Other
> opinions?

It cannot change to be less secure. It's part of the kernel API.

-- 
   Michal Moskal,
   http://nemerle.org/~malekith/
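The two generators the thread contrasts, side by side, as an added example (this is not passwdgen's code and not part of the original mail): a password drawn from /dev/urandom (or /dev/random, same call) with rejection sampling so no alphabet symbol is favoured, next to a glibc rand() generator seeded from a timestamp. The timestamp, the time window and the symbol alphabet are constructed for the example; recover_weak_seed() shows why a time-seeded rand() leaves only a few hundred thousand candidates to try.

```c
/* Added example, not passwdgen's code. Build: cc -std=c99 -o pwdemo pwdemo.c */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed alphabet for the example: 65 symbols, so 256 is not a multiple. */
static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@#!";

/* Read exactly n bytes from a device; /dev/random may block here, which is
   the hang the thread started from. Returns 0 on success, -1 on error. */
static int read_full(const char *dev, unsigned char *buf, size_t n)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) { close(fd); return -1; }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Kernel-backed generator: bytes >= limit are discarded (rejection
   sampling) so that byte % alphabet_size is uniform over the alphabet.
   out must hold len + 1 bytes. Returns 0 on success, -1 if dev is unreadable. */
int gen_password_dev(const char *dev, char *out, size_t len)
{
    size_t alpha = strlen(ALPHABET);               /* 65 */
    unsigned limit = 256 - (256 % alpha);          /* 195: three full rounds */
    unsigned char buf[64];
    size_t filled = 0;
    while (filled < len) {
        if (read_full(dev, buf, sizeof buf) != 0) return -1;
        for (size_t i = 0; i < sizeof buf && filled < len; i++)
            if (buf[i] < limit) out[filled++] = ALPHABET[buf[i] % alpha];
    }
    out[len] = '\0';
    return 0;
}

/* Weak generator the thread warns about: glibc rand() seeded from a clock
   value. Everything about the password follows from the 32-bit seed. */
void gen_password_weak(unsigned seed, char *out, size_t len)
{
    srand(seed);
    for (size_t i = 0; i < len; i++)
        out[i] = ALPHABET[(unsigned)rand() % strlen(ALPHABET)];
    out[len] = '\0';
}

/* Attack on the weak generator: if the attacker knows the password was made
   by gen_password_weak some time in [t0, t0 + window), every candidate is
   one srand() away. Returns the seed that reproduces target, or 0 if none. */
unsigned recover_weak_seed(const char *target, unsigned t0, unsigned window)
{
    char cand[128];
    size_t len = strlen(target);
    if (len >= sizeof cand) return 0;
    for (unsigned s = t0; s < t0 + window; s++) {
        gen_password_weak(s, cand, len);
        if (strcmp(cand, target) == 0) return s;
    }
    return 0;
}

/* Sanity check used by the demo: every character came from ALPHABET. */
int password_in_alphabet(const char *pw)
{
    return strspn(pw, ALPHABET) == strlen(pw);
}

int main(void)
{
    char pw[17], weak[9];
    if (gen_password_dev("/dev/urandom", pw, 16) == 0)
        printf("urandom password: %s\n", pw);

    /* Constructed timestamp: roughly when this thread was written. */
    unsigned t_gen = 1123347000u;
    gen_password_weak(t_gen, weak, 8);
    unsigned found = recover_weak_seed(weak, t_gen - 50000u, 100000u);
    printf("weak password %s recovered from seed %u after at most %u tries\n",
           weak, found, 100000u);
    return 0;
}
```

Replace "/dev/urandom" with "/dev/random" in the call to see the blocking behaviour from the original report; the sampling logic is identical, the only difference is whether read() waits for the kernel's entropy estimate.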