[Haskell-cafe] Re: Password hashing
Bulat Ziganshin [EMAIL PROTECTED] wrote: Hello Bit, Wednesday, October 29, 2008, 4:32:51 PM, you wrote: It's a good idea to salt your passwords before hashing, though. See What can be used for generating a random salt? Is System.Random secure enough? if you use mkStdRNG it's good enough for non high-secure programs. it inits rnd generator with current time upo to picoseconds (if your OS provides such granularity). you can add a bit f security by reading a few bytes from /dev/urandom and passing these to mkStdRNG ...or by pinging a random host and taking the time difference, checking the current cpu temperature and fan speed, counting how many times your process gets suspended in a certain amount of time, taking a picture of a lava lamp and hashing it, booting windows, not doing anything, and measure the time it takes to crash, hashing a snapshot of the slashdot frontpage, and, last, but not least, measuring the amount of spam per second currently swooshing into your mail account. -- (c) this sig last receiving data processing entity. Inspect headers for copyright history. All rights reserved. Copying, hiring, renting, performance and/or quoting of this signature prohibited. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] Re: Password hashing
someone asked: What can be used for generating a random salt? Is System.Random secure enough? Achim Schneider wrote: ...or by pinging a random host and taking the time difference, checking the current cpu temperature and fan speed, counting how many times your process gets suspended in a certain amount of time, taking a picture of a lava lamp and hashing it, booting windows, not doing anything, and measure the time it takes to crash, hashing a snapshot of the slashdot frontpage, and, last, but not least, measuring the amount of spam per second currently swooshing into your mail account. or http://www.random.org/ perhaps ? -- Andrew Butterfield Tel: +353-1-896-2517 Fax: +353-1-677-2204 Foundations and Methods Research Group Director. School of Computer Science and Statistics, Room F.13, O'Reilly Institute, Trinity College, University of Dublin http://www.cs.tcd.ie/Andrew.Butterfield/ ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] Re: Password hashing
Andrew.Butterfield: someone asked: What can be used for generating a random salt? Is System.Random secure enough? Achim Schneider wrote: ...or by pinging a random host and taking the time difference, checking the current cpu temperature and fan speed, counting how many times your process gets suspended in a certain amount of time, taking a picture of a lava lamp and hashing it, booting windows, not doing anything, and measure the time it takes to crash, hashing a snapshot of the slashdot frontpage, and, last, but not least, measuring the amount of spam per second currently swooshing into your mail account. or http://www.random.org/ perhaps ? Via, System.Random.Atmosphere http://hackage.haskell.org/packages/archive/RandomDotOrg/0.2.1/doc/html/System-Random-Atmosphere.html ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe