On 7 February 2010 c. 22:57:31 Otto Moerbeek wrote: > On Sun, Feb 07, 2010 at 08:54:04PM +0100, Otto Moerbeek wrote: > > On Sun, Feb 07, 2010 at 10:42:40PM +0300, Vadim Zhukov wrote: > > > On 7 February 2010 c. 21:59:33 Brad Tilley wrote: > > > > I wrote a small cpp application to generate randomish passwords. > > > > It compiles and runs OK on OpenBSD, however, it does not seem to > > > > create random strings (the first and last chars seldom ever > > > > change, etc). The same code compiles and runs on Linux and > > > > Windows and *does* produce randomish strings (no often repeating > > > > chars). The source code is small and is contained in a single > > > > file. I placed it here along with binaries for OpenBSD and > > > > Windows: > > > > > > > > http://16systems.com/downloads > > > > > > > > I could be doing something wrong. I've checked the source code > > > > several times but nothing obvious stands out. I'll try a gcc > > > > compiler from ports tomorrow to see if that makes a difference. > > > > Until then, I thought I'd post to tech. Can anyone tell if I've > > > > made an error in the source code? > > > > > > Yes, there is an error. Use random(3), as suggested in the > > > rand(3). > > > > That is still wrong for this purpose. Although random(3) is a better > > random number generator than rand, is still a cryptographic weak > > generator. > > Correction to myself: if you seed it with randomdev(), it might be > good enough. > > > Better use arc4random() > > That still applies, simple and no seeding considerations. > > > -Otto
Well, TS did not mentioned that he wants really strong passwords... ;) And I was shocked enough by jar() function there... As my friend just said: "I've never seen before such nicely split, indented and commented code that I cannot understand". :) Still shame on me too, of course. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?