On 7 February 2010 c. 22:57:31 Otto Moerbeek wrote:
> On Sun, Feb 07, 2010 at 08:54:04PM +0100, Otto Moerbeek wrote:
> > On Sun, Feb 07, 2010 at 10:42:40PM +0300, Vadim Zhukov wrote:
> > > On 7 February 2010 c. 21:59:33 Brad Tilley wrote:
> > > > I wrote a small cpp application to generate randomish passwords.
> > > > It compiles and runs OK on OpenBSD, however, it does not seem to
> > > > create random strings (the first and last chars seldom ever
> > > > change, etc). The same code compiles and runs on Linux and
> > > > Windows and *does* produce randomish strings (no often repeating
> > > > chars). The source code is small and is contained in a single
> > > > file. I placed it here along with binaries for OpenBSD and
> > > > Windows:
> > > >
> > > > http://16systems.com/downloads
> > > >
> > > > I could be doing something wrong. I've checked the source code
> > > > several times but nothing obvious stands out. I'll try a gcc
> > > > compiler from ports tomorrow to see if that makes a difference.
> > > > Until then, I thought I'd post to tech. Can anyone tell if I've
> > > > made an error in the source code?
> > >
> > > Yes, there is an error. Use random(3), as suggested in
> > > rand(3).
> >
> > That is still wrong for this purpose. Although random(3) is a better
> > random number generator than rand, it is still a cryptographically
> > weak generator.
>
> Correction to myself: if you seed it with randomdev(), it might be
> good enough.
>
> > Better use arc4random()
>
> That still applies, simple and no seeding considerations.
>
> >     -Otto

Well, TS did not mention that he wants really strong passwords... ;)
And I was shocked enough by the jar() function there... As my friend just
said: "I've never seen before such nicely split, indented and commented
code that I cannot understand". :)

Still shame on me too, of course.

--
  Best wishes,
    Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
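
The advice given in this thread (use arc4random() rather than rand(3) or random(3) when generating passwords), shown as an added example; it is not code from the thread or from the program under discussion. The alphabet, the function names `csprng_uniform` and `make_password`, and the /dev/urandom fallback for systems that lack arc4random are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed alphabet; the original program's character set is not shown in the thread. */
static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
/* Uniform value in [0, bound) from the system CSPRNG: 0 on success, -1 on error. */
static int csprng_uniform(uint32_t bound, uint32_t *out)
{
    if (bound == 0) return -1;
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    *out = arc4random_uniform(bound);   /* no seeding needed, no modulo bias */
    return 0;
#else
    /* Assumed fallback where arc4random is missing: /dev/urandom plus rejection sampling. */
    uint32_t r, limit = UINT32_MAX - (UINT32_MAX % bound);
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    do {
        if (fread(&r, sizeof r, 1, f) != 1) { fclose(f); return -1; }
    } while (r >= limit);               /* reject the tail that would bias r % bound */
    fclose(f);
    *out = r % bound;
    return 0;
#endif
}

/* Write len random alphabet chars plus NUL into out (len + 1 bytes): 0 ok, -1 error. */
int make_password(char *out, size_t len)
{
    const uint32_t n = sizeof ALPHABET - 1;
    for (size_t i = 0; i < len; i++) {
        uint32_t idx;
        if (csprng_uniform(n, &idx) != 0) return -1;
        out[i] = ALPHABET[idx];
    }
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char pw[17];
    if (make_password(pw, 16) != 0) return 1;
    puts(pw);
    return 0;
}
```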
