[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: bugtraq@xxxxxxxxxxxxxxxxx*Subject*: Re: Flaw in commonly used bash random seed method*From*: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>*Date*: Tue, 4 Apr 2006 14:22:53 +0100*Delivered-to*: mailing list bugtraq@xxxxxxxxxxxxxxxxx*Delivered-to*: moderator for bugtraq@xxxxxxxxxxxxxxxxx*List-help*: <mailto:bugtraq-help@securityfocus.com>*List-id*: <bugtraq.list-id.securityfocus.com>*List-post*: <mailto:bugtraq@securityfocus.com>*List-subscribe*: <mailto:bugtraq-subscribe@securityfocus.com>*List-unsubscribe*: <mailto:bugtraq-unsubscribe@securityfocus.com>*Mailing-list*: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm*References*: <5ece0d580604011812g41c0b8a1n646b8629b45308c4@xxxxxxxxxxxxxx> <a260a2190604031256g23cf3645s348f829530982b38@xxxxxxxxxxxxxx>*Sender*: news <news@xxxxxxxxxxxxx>

Matthijs wrote: > I hope nobody generates passwords with ANY kind of pseudo-RNG. This is the main point, anyway. > By the way, if the random function can only generate numbers between 0 > and 32767, won't 2 bytes be enough then? The algorithm will perform a > modulo calculation anyway, so 4 bytes won't really add anything. Of > course, it is much better then only one byte. You have made the assumption that the size of the seed matches the size of the output values. In fact, this is highly unlikely to be correct. In the standard C library (on which this implementation is almost certainly based), the seed is a full 32-bits even though the output is 15. That's because the seed is the internal state of the generator, and if it only had the same number of bits as the output, then the next output from the generator could be wholly determined by knowing the current output, and the generator would only be able to output 32768 numbers before the sequence repeated. Think of the extra bits as selecting one of 2^17 different permutations of the 2^15 possible output values; if the generator didn't have more internal state than it puts in its output, there would only ever be one constant permutation, the seed would choose your starting point at that permutation, and each output number you see generated would always be followed by the exact same next one every time. cheers, DaveK -- Can't think of a witty .sigline today....

**Follow-Ups**:**Re: Flaw in commonly used bash random seed method***From:*Steve VanDevender

**References**:**Flaw in commonly used bash random seed method***From:*coderpunk

**Re: Flaw in commonly used bash random seed method***From:*Matthijs

- Prev by Date:
**Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data** - Next by Date:
**Linux Kernel Local DoS vulnerability.** - Previous by thread:
**Re: Flaw in commonly used bash random seed method** - Next by thread:
**Re: Flaw in commonly used bash random seed method** - Index(es):