Great Circle Associates Firewalls
(February 1994)
 


Subject: Re: genp.c potential weakness
From: long-morrow @ CS . YALE . EDU (H Morrow Long)
Date: Tue, 15 Feb 1994 10:58:22 -0500
To: firewalls @ GreatCircle . COM, morgan @ engr . uky . edu

I add a few bits from the gettimeofday() microseconds to the PID number
in my random password generator:


/*
 *
 *      YALE University CS Dept.
 *      Computing Facility, H. Morrow Long
 *
 * Yale Copyright (c) 1992 Yale University.
 * This software is not public domain, it is not to be sold, distributed,
 * or reproduced by any means (mechanical, electronic, etc.).
 *
 * Permission is granted only to use this software so long as it is not
 * sold for profit, provided that this notice and the original copyright
 * notices are retained.  Yale University makes no representations
 * about the suitability of this software for any purpose.  It is
 * provided "as is" without express or implied warranty.
 *
 *      $Log:	randpass.c,v $
 * Revision 1.3  93/01/05  14:08:53  long
 * Now use Salt as seed arg (rather than Clock) for SEED_RANDOM_FUNC().
 * 
 * Revision 1.2  92/03/11  16:01:54  long
 * Added better seed value (salt) by incorporating process id number of
 * current process and a portion of the microseconds bits if
 * gettimeofday() function available.  Also will use srandom/random
 * over srand/rand if available and turned on.
 * 
 * Revision 1.1  92/03/11  11:44:42  long
 * Initial revision
 * 
 *
 */

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/*
 *	'define' Macros that should be tweaked for your system.
 *
 *	GETTIMEOFDAY	when defined, main() takes the clock part of the seed
 *			from GetMicroSeconds() instead of time().
 *	RANDOM		when defined, srandom()/random() are used; otherwise
 *			srand()/rand().  Neither pair is a cryptographically
 *			secure generator.
 *	DEBUG		when defined, main() and UniqCharsInString() write the
 *			seed, every accepted character and every candidate
 *			password to stderr.  Leave it off wherever stderr is
 *			captured or logged.
 *	MAXPASSWDLEN	number of characters generated for the password.
 *	MINUNIQCHARS	candidates with fewer distinct characters than this
 *			are discarded and regenerated.
 */
#define	GETTIMEOFDAY		/* if your system supports gettimeofday() */
#define	RANDOM			/* to use srandom/random rather than s/rand */
/* #define	DEBUG	*/
#define MAXPASSWDLEN	8
#define MINUNIQCHARS	5		/* min unique symbols */

/*
 *	'define' Macros that should NOT be tweaked for your system.
 */
#define	FALSE		0
#define	TRUE		1

#ifdef	GETTIMEOFDAY
#include <sys/time.h>
/* Forward declaration; the definition is at the end of the file. */
unsigned long	GetMicroSeconds();
#endif	GETTIMEOFDAY

/*
 * Map the generic seed/draw names used by main() onto the generator
 * selected by RANDOM above.
 */
#ifdef	RANDOM
#define	SEED_RANDOM_FUNC	srandom
#define	RANDOM_FUNC		random
#else
#define	SEED_RANDOM_FUNC	srand
#define	RANDOM_FUNC		rand
#endif


# ifndef lint
static char RCSID[] = "$Header: randpass.c,v 1.3 93/01/05 14:08:53 long Exp $";
# endif lint

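/*
 * main - generate one MAXPASSWDLEN-character password and show it briefly.
 *
 * The generator chosen by SEED_RANDOM_FUNC/RANDOM_FUNC is seeded from the
 * process id and the low 16 bits of a clock reading.  For each position,
 * values are drawn until one is printable, is not white space, and belongs
 * to a different character class (upper, lower, digit, punctuation) than
 * the previous position.  The whole string is regenerated until it holds
 * at least MINUNIQCHARS distinct characters.  The result is printed, left
 * on screen for 10 seconds, overwritten on the terminal line, and the
 * buffer is cleared.
 *
 * SECURITY NOTE: every password this program can print is determined by
 * Salt alone.  Salt holds the process id shifted left by 16 plus 16 clock
 * bits, and srandom()/srand() take an unsigned int, so the number of
 * possible passwords is bounded by the seed space rather than by the
 * character alphabet.  Process ids are small and usually visible to other
 * local users, which narrows the space further.  random() and rand() are
 * not cryptographic generators either.  The character-class and
 * MINUNIQCHARS rules also remove candidates from the output space.  Where
 * the password protects anything of value, take the random bytes from the
 * operating system's CSPRNG instead of a seeded library generator.
 *
 * Returns 0.
 */
int
main(void)
{
	unsigned char	PasswdString[MAXPASSWDLEN + 1];
	volatile unsigned char	*Wipe;	/* volatile: keep the clearing stores */
	unsigned char	Byte;
	unsigned long	Clock;
	unsigned long	PID;
	unsigned long	Salt;
	int	Length;
	int	UniqCharsInString();	/* defined later in this file */

	/* time() wants a time_t pointer; passing &Clock was a type mismatch. */
	Clock = (unsigned long) time((time_t *) 0);
	PID = (unsigned long) getpid();

#ifdef	GETTIMEOFDAY
	/* The microsecond field replaces the seconds value read above. */
	Clock = GetMicroSeconds();
#ifdef	DEBUG
	fprintf(stderr, "DEBUG: Clock = GetMicroSeconds() = %lu\n", Clock );
#endif
#endif

	/* Only the low 16 bits of the clock reading reach the seed. */
	Salt = ( PID << 16) | ( Clock & 0x0000ffff);
#ifdef	DEBUG
	/* Printing the seed discloses the password; debugging use only. */
	fprintf(stderr, "DEBUG: Salt = %lu\n", Salt );
#endif

	/* The seed functions take an unsigned int; make the narrowing explicit. */
	SEED_RANDOM_FUNC((unsigned int) Salt);

	do
		{
		for (Length = 0; Length < MAXPASSWDLEN; Length++)
			{
			/* '\0' marks "no acceptable character chosen yet". */
			PasswdString[Length] = '\0';
			while ( PasswdString[Length] == '\0' )
				{
				/* Candidate value in 0..126. */
				Byte = (unsigned char) ( ( RANDOM_FUNC()) % 127 );
				if ( ! ( isprint(Byte) ) )
					continue;
				if ( ( isspace(Byte) ) )
					continue;
				/* Reject a character of the same class as its predecessor. */
				if (Length > 0 )
					{
					if ( ( (isupper(PasswdString[Length-1])) &&
					       (isupper(Byte) ) ) ||
					     ( (islower(PasswdString[Length-1])) &&
					       (islower(Byte) ) ) ||
					     ( (isdigit(PasswdString[Length-1])) &&
					       (isdigit(Byte) ) ) ||
					     ( (ispunct(PasswdString[Length-1])) &&
					       (ispunct(Byte) ) ) )
						continue;
					}
				PasswdString[Length] = Byte;
#ifdef	DEBUG
				fprintf(stderr, "DEBUG: PasswdString[%d] = %c\n", Length, Byte);
#endif
				}
			}
		PasswdString[Length] = '\0';
		}	while ( UniqCharsInString( PasswdString ) < MINUNIQCHARS );

	/*
	 * The display width below is fixed at 8 characters.  The "\r" rewrite
	 * only hides the password on a terminal; if stdout is redirected the
	 * password remains in the output.
	 */
	printf("You will have 10 seconds to write or copy this password.\n");
	printf("Password generated is = %8.8s ", (char *) PasswdString);
	fflush(stdout);
	sleep(10);
	printf("\rPassword generated is = XXXXXXXXX\n");

	/*
	 * Erase memory for paranoia.  The stores go through a volatile
	 * pointer so the compiler cannot drop them as dead writes to a
	 * local that is about to go out of scope.  This clears only this
	 * buffer, not any copy held by stdio or the terminal.
	 */
	Wipe = PasswdString;
	for (Length = 0; Length <= MAXPASSWDLEN; Length++)
		Wipe[Length] = '\0';

	return 0;
}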

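/*
 * UniqCharsInString - count the distinct characters in a NUL-terminated
 * string.
 *
 * String: the string to examine; it is not modified.
 *
 * Returns the number of different byte values that occur in String, and
 * 0 for an empty string.  (The counter used to be left uninitialised when
 * the string was empty, so the return value was indeterminate.)
 *
 * With DEBUG defined the string itself is written to stderr; main() passes
 * candidate passwords here, so DEBUG output must be treated as sensitive.
 */
int
UniqCharsInString(unsigned char *String)
{
	int	Counter = 0;
	int	Index, Position, Length, UniqueFlag;

#ifdef	DEBUG
	fprintf(stderr, "DEBUG: Inside UniqCharsInString(\"%s\")\n", (char *) String);
#endif
	Length = (int) strlen((char *) String);
	for ( Position = 0 ; Position < Length; Position++)
		{
		/* A character counts only at its first occurrence. */
		UniqueFlag = 1;
		for ( Index = 0 ; Index < Position ; Index++)
			if ( String[Index] == String[Position] )
				{
				UniqueFlag = 0;
				break;
				}
		Counter += UniqueFlag;
		}

#ifdef	DEBUG
	fprintf(stderr, "DEBUG:\tCounter = %d\n", Counter);
#endif
	return(Counter);
}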

#ifdef	GETTIMEOFDAY
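/*
 * GetMicroSeconds - return the microsecond field of the current time of day.
 *
 * Returns tv_usec as reported by gettimeofday(), or 0 if the call fails
 * (the result was previously read without checking the return code).
 *
 * tv_usec is below 1000000, and main() keeps only its low 16 bits, so this
 * value adds at most 16 bits of variation to the seed.
 */
unsigned long
GetMicroSeconds(void)
{
	struct timeval	TimeVal = { 0, 0 };

	if (gettimeofday(&TimeVal, NULL) != 0)
		return(0);
	return((unsigned long) TimeVal.tv_usec);
}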
#endif

