Re: Strengthening the Passphrase Model

Bill Frantz (frantz@netcom.com)
Wed, 10 Feb 1999 23:17:06 -0700

• Next message: William Whyte: "RE: Invisimail: snake oil?"
• Previous message: Enzo Michelangeli: "Invisimail: snake oil?"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: David R. Conrad: "Re: Strengthening the Passphrase Model"
• Reply: David R. Conrad: "Re: Strengthening the Passphrase Model"

At 2:31 PM -0700 2/10/99, David R. Conrad wrote:
>[My problem with this is that the source of entropy is particularly
> bad... --Perry]

Perry - I thought that /dev/random was fairly good on the systems that
support it. However, collapsing all the entropy down to a 16 or 32 bit int
seems a bit bogus.

>
>BTW, here's a simple program I use to generate passwds and/or diceware
>words. For diceware, use "grep `randpwd -` diceware-list |cut -f2"
>
>Sorry that it's a bit of an obfuscated C contest entry, but I had written
>a somewhat simpler one, and then when I wrote this one I tried to keep
>from making it much longer than the previous incarnation. Silly, I know.
>
> -=-=- randpwd.c -=-=-
>#include <stdio.h>
>#include <stdlib.h>
>#include <string.h>
>#include <sys/time.h>
>#include <unistd.h>
>
>int main(int argc, char **argv) {
> struct timeval tv;
> char chars[] = "abcdefghijklmnopqrstuvwxyz"
> "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
> "0123456789,.;'/-=";
> int i, seed = 0, len = strlen(chars);
> FILE *fp = fopen("/dev/random", "r");
> if (fp) { fread(&seed, 1, sizeof(seed), fp); fclose(fp); }
>
> gettimeofday(&tv, NULL);
> srand(tv.tv_sec ^ tv.tv_usec ^ getpid() ^ seed);
>
> if (argc > 1) for (i = 0; i < 5; i++) printf("%d", rand()%6+1);
> else for (i = 0; i < 8; i++) printf("%c", chars[rand()%len]);
>
> return printf("\n")-1;
>}
> -=-=- randpwd.c -=-=-
>
>'return printf("\n")-1;', hey I said it was slightly obfuscated. :-)
>CodherPlunks write cyphe, or something.
>
>David R. Conrad <drc@adni.net> PGP keys (0x1993E1AE and 0xA0B83D31):
>DSS Fingerprint20 = 9942 E27C 3966 9FB8 5058 73A4 83CE 62EF 1993 E1AE
>RSA Fingerprint16 = 1D F2 F3 90 DA CA 35 5D 91 E4 09 45 95 C8 20 F1
>Note: Due to frequent spam abuse, I accept no email from *.da.uu.net.

-------------------------------------------------------------------------
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506 | thing right, but did know | 16345 Englewood Ave.
frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA

• Next message: William Whyte: "RE: Invisimail: snake oil?"
• Previous message: Enzo Michelangeli: "Invisimail: snake oil?"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: David R. Conrad: "Re: Strengthening the Passphrase Model"
• Reply: David R. Conrad: "Re: Strengthening the Passphrase Model"