On Sun, Feb 07, 2010 at 01:59:33PM -0500, Brad Tilley wrote:
> I wrote a small cpp application to generate randomish passwords. It compiles
> and runs OK on OpenBSD, however, it does not seem to create random strings
> (the first and last chars seldom ever change, etc). The same code compiles
> and runs on Linux and Windows and *does* produce randomish strings (no often
> repeating chars). The source code is small and is contained in a single file.
> I placed it here along with binaries for OpenBSD and Windows:
>
> http://16systems.com/downloads
A few items:
1) from man rand
DESCRIPTION
These interfaces are obsoleted by random(3).
IIRC, rand is a known non-crypto strength random number generator,
so you're better off using a known good one.
2) srand(time(NULL));
is probably not going to get you a whole lotta entropy to
start with.
3) inline void rbt_readable( Fl_Widget* w, void* buff )
does some computation on the random data to compact it into
the ASCII character set (I'm just assuming, but it seems
a safe assumption), so you're going to lose randomness there
as well.
It's possible that the rand interfaces on Linux and Windows
have been fixed to give strong random numbers.
>
> I could be doing something wrong. I've checked the source code several times
> but nothing obvious stands out. I'll try a gcc compiler from ports tomorrow
> to see if that makes a difference. Until then, I thought I'd post to tech.
> Can anyone tell if I've made an error in the source code?
>
> Output from a current OpenBSD box (notice the first and last chars and how
> they seldom change)
>
> $ ./passgen-obsd 30
>
> msTGrW7C
> d2TyHePk
> ViK8R6pU
> mJTQZnXL
> di38hwfL
> msbQh6Xk
> VJ3G9efU
> Ma38rEFu
> VJB8RwxC
> MsKGzNP4
> 5SBqrnPu
> M2ByzN7c
> MA3qRn74
> d23Y9wXc
> V2tYRWPu
> dibqznFc
> maKgRNFc
> mJjqr674
> MJbgHWxu
> m2jy9Wfc
> Va3yz67C
> DATQzWp4
> vi3GzEf4
> maKGHeXU
> 5aBgzwX4
> M2byrN7c
> vStgHEpc
> d2bqhEFc
> MSbqHn74
> d2B8z67u
>
> Output from a Windows box (No often repeating characters... seems much more
> random):
>
> c:\passgen.exe 30
> Q9RvTAbT
> zkCKi5Bv
> yZqqJA7e
> 7SrN5qkH
> tA4QB2Hn
> cUjjxFty
> GzU2qYAr
> HX2yZdJs
> 2VJJrRjj
> WpfA3hah
> rYpNfrNt
> MKkNGxTu
> eHUauW2u
> 6EZRGUx7
> JURbHdrk
> Cp7rKwN7
> fXRFeJdg
> NrGHk8A9
> vw33ubVk
> vAcFKh3t
> vWRtDL4n
> kf4YGmCZ
> GdUDJ4iK
> i52JWyb9
> fpCVj5yQ
> HgEy4R3E
> uSkQZxXA
> z7zyL5Mp
> ESBmEv8d
> 4EvxqxiY
>
> P.S. I installed gcc-4.2 from ports today. It installed OK, but it complained
> about cc1plus not being found so would not compile the app.
>
> Brad
