Great Circle Associates Firewalls
(May 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Random Password Generator
From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Date: 28 May 97 8:43:30 EDT
To: Peter da Silva <peter @ baileynm . com>
Cc: Christopher Curtis <ccurtis @ facm . fit . edu>, mgarcia <mgarcia @ accesosis . es>, firewalls <firewalls @ GreatCircle . COM> 
Indeed.  I believe something very similar to this code
is what let those guys in Berkeley break the 40-bit
SSL from Netscape a while back...

   Ryan

---------- Previous Message ----------
To: ccurtis
cc: mgarcia, firewalls
From: peter @
 baileynm .
 com (Peter da Silva) @ smtp
Date: 05/28/97 08:24:57 AM
Subject: Re: Random Password Generator

>  srand( time( NULL ));

Try something better. Like, maybe:

 strand( time(NULL) | getpid() | getppid () );

It's too easy to predict a purely time based password generator. Even adding
your process ID and parent isn't really a good enough protection from a snooper
on the same machine.
Indexed By Date Previous: Re: Random Password Generator
From: Christopher Curtis <ccurtis @ facm . fit . edu>
Next: Re: ssh proxy for fwtk
From: Don Woelz <don @ genroco . com>
Indexed By Thread Previous: Re: Random Password Generator
From: Adam Shostack <adam @ homeport . org>
Next: RE: Random Password Generator
From: Patrick Naubert <patrickn @ tygerteam . com>
Google
 
Search Internet Search www.greatcircle.com