Bugtraq mailing list archives
Re: Flaw in commonly used bash random seed method
From: Matthijs <thotter () gmail com>
Date: Mon, 3 Apr 2006 21:56:12 +0200
I hope nobody generates passwords with ANY kind of pseudo-RNG. No matter how good those algorithms are (and linear congruential generators, the algorithm type of the bash function, usually aren't very good), the results can be reproduced. Therefore you shouldn't really generate your passwords with it IMHO. The short cycle length of this algorithm only makes it worse.

By the way, if the random function can only generate numbers between 0 and 32767, won't 2 bytes be enough then? The algorithm will perform a modulo calculation anyway, so 4 bytes won't really add anything. Of course, it is much better than only one byte.

On 4/2/06, coderpunk <coderpunk () gmail com> wrote:
I think I just discovered a flaw in what appears to be a common way to seed bash's $RANDOM function.

bash provides a pseudo-random number, from 0-32767, using the $RANDOM function. You can seed this by setting RANDOM=42 or some other number. Otherwise it is seeded by the process id and time.

There are a plethora of usenet and web posts that suggest using the following to seed the function:

    SEED=$(head -1 /dev/urandom | od -N 1 | awk '{ print $2 }')

But look at the output, and the manpage for od. All this is doing is reading 1 line of /dev/urandom (a binary stream), passing it to od which is taking 1 byte and converting it to octal and printing it with awk.

What's wrong with this picture? You've just taken a random source and turned it into a number from 0-255! I hope you haven't been generating your password lists with any of the scripts using that seed method.

Here is a better way:

    SEED=$(head -c4 /dev/urandom | od -t u4 | awk '{ print $2 }')

This reads 4 bytes from /dev/urandom, passes it to od which converts it into an unsigned 4 byte integer and prints it. This should have a range of 2**32 (4294967296L) which is a bit more secure than 0-255.

.cp
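
The seed-space point made in this thread, as an added example that is not part of either post: a password derived from $RANDOM is fully determined by the seed, so 256 possible seeds can never yield more than 256 passwords. Assumptions: gen_passwords, its alphabet and the 12-character default are constructed stand-ins for the scripts the post mentions, seeds 0 to 255 stand for the 256 values a one-byte seed can take, and the generator calls bash explicitly because $RANDOM is a bash feature.

```sh
#!/bin/sh
# Added illustration; gen_passwords and its alphabet are constructed stand-ins.
# $RANDOM is a bash feature, so the generator runs inside an explicit bash -c.

# gen_passwords FIRST LAST [LEN]: one $RANDOM-derived password per seed FIRST..LAST.
gen_passwords() {
    bash -c '
        chars=abcdefghijklmnopqrstuvwxyz0123456789
        n=${#chars}
        for ((seed = $1; seed <= $2; seed++)); do
            RANDOM=$seed        # reseed: all later output is determined by $seed
            out=
            for ((i = 0; i < $3; i++)); do
                out+=${chars:RANDOM % n:1}
            done
            printf "%s\n" "$out"
        done
    ' _ "$1" "$2" "${3:-12}"
}

# count_distinct FIRST LAST: how many different passwords that seed range can yield.
count_distinct() {
    gen_passwords "$1" "$2" | sort -u | awk 'END { print NR }'
}

# urandom_password [LEN]: take every character from /dev/urandom, no seed involved.
urandom_password() {
    LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c "${1:-12}"
    echo
}

# Run as "sh thisfile demo" to print the comparison.
if [ "${1:-}" = "demo" ]; then
    echo "seed 42, run 1:  $(gen_passwords 42 42)"
    echo "seed 42, run 2:  $(gen_passwords 42 42)"
    echo "distinct passwords over 256 seeds: $(count_distinct 0 255)"
    echo "straight from /dev/urandom: $(urandom_password)"
fi
```
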