[4192] in cryptography@c2.net mail archive
Re: Strengthening the Passphrase Model
daemon@ATHENA.MIT.EDU (Bill Frantz)
Thu Feb 11 14:26:48 1999
In-Reply-To: <Pine.LNX.4.05.9902101622570.19550-100000@darwin.adni.net>
Date: Wed, 10 Feb 1999 23:17:06 -0700
To: "David R. Conrad" <drc@adni.net>, cryptography@c2.net
From: Bill Frantz <frantz@netcom.com>
Cc: coderpunks@toad.com
At 2:31 PM -0700 2/10/99, David R. Conrad wrote:
>[My problem with this is that the source of entropy is particularly
> bad... --Perry]
Perry - I thought that /dev/random was fairly good on the systems that
support it. However, collapsing all the entropy down to a 16 or 32 bit int
seems a bit bogus.
[Plus, srand is NOT /dev/random. --Perry]
>
>BTW, here's a simple program I use to generate passwds and/or diceware
>words. For diceware, use "grep `randpwd -` diceware-list |cut -f2"
>
>Sorry that it's a bit of an obfuscated C contest entry, but I had written
>a somewhat simpler one, and then when I wrote this one I tried to keep
>from making it much longer than the previous incarnation. Silly, I know.
>
> -=-=- randpwd.c -=-=-
>#include <stdio.h>
>#include <stdlib.h>
>#include <string.h>
>#include <sys/time.h>
>#include <unistd.h>
>
>int main(int argc, char **argv) {
> struct timeval tv;
> char chars[] = "abcdefghijklmnopqrstuvwxyz"
> "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
> "0123456789,.;'/-=";
> int i, seed = 0, len = strlen(chars);
> FILE *fp = fopen("/dev/random", "r");
> if (fp) { fread(&seed, 1, sizeof(seed), fp); fclose(fp); }
>
> gettimeofday(&tv, NULL);
> srand(tv.tv_sec ^ tv.tv_usec ^ getpid() ^ seed);
>
> if (argc > 1) for (i = 0; i < 5; i++) printf("%d", rand()%6+1);
> else for (i = 0; i < 8; i++) printf("%c", chars[rand()%len]);
>
> return printf("\n")-1;
>}
> -=-=- randpwd.c -=-=-
>
>'return printf("\n")-1;', hey I said it was slightly obfuscated. :-)
>Coderpunks write cyphe, or something.
>
>David R. Conrad <drc@adni.net> PGP keys (0x1993E1AE and 0xA0B83D31):
>DSS Fingerprint20 = 9942 E27C 3966 9FB8 5058 73A4 83CE 62EF 1993 E1AE
>RSA Fingerprint16 = 1D F2 F3 90 DA CA 35 5D 91 E4 09 45 95 C8 20 F1
>Note: Due to frequent spam abuse, I accept no email from *.da.uu.net.
-------------------------------------------------------------------------
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506 | thing right, but did know | 16345 Englewood Ave.
frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA
