Indeed. I believe something very similar to this code
is what let those guys in Berkeley break the 40-bit
SSL from Netscape a while back...
---------- Previous Message ----------
cc: mgarcia, firewalls
From: peter @
com (Peter da Silva) @ smtp
Date: 05/28/97 08:24:57 AM
Subject: Re: Random Password Generator
> srand( time( NULL ));
Try something better. Like, maybe:
strand( time(NULL) | getpid() | getppid () );
It's too easy to predict a purely time based password generator. Even adding
your process ID and parent isn't really a good enough protection from a snooper
on the same machine.