[erlang-questions] Password generator in Erlang
CGS
cgsmcmlxxv@REDACTED
Fri Aug 17 10:12:52 CEST 2012
Hi Zabrane,
If you want just a well-distributed RNG with a long period, you may take a
look at the WELL RNG (http://www.iro.umontreal.ca/~panneton/WELLRNG.html) as
well. I also needed that and made an attempt to translate it into Erlang,
so you may use it if you think it fits (
https://github.com/cgsmcmlxxv/WELL44497ac). It is recommended for Monte
Carlo simulations and less so for cryptography, though.
CGS
On Fri, Aug 17, 2012 at 9:44 AM, Zabrane Mickael <zabrane3@REDACTED> wrote:
> Hi Samuel,
>
> Thanks for these useful insights.
>
> We're not a security software company and our usage of these passwords
> isn't critical.
> Anyway, we want to learn if possible.
>
> First, random:uniform is not cryptographically secure, which means it is
> somewhat predictable. As already mentioned, use any other generator
> meant to be secure, such as the one in crypto or the ssl library.
>
> Even using a secure pseudorandom generator:
>
> Your first implementation destroys the security, as you are creating a
> seed for each random number; an attacker just needs to guess the seed
> sequence, not the pseudorandom sequence. In your case you had a side
> effect of generating collisions, but that was not the worst problem.
>
>
> Yup. Sverker's response was very clear in this regard!
>
> The second implementation is more secure in that sense, but still the
> original seed is guessable. An attacker can generate possible password
> sequences by brute force, just trying possible now tuples around the time
> he thinks the real seed was created.
>
>
> So, how can one generate secure, unpredictable seeds?
>
> So, if you want to create passwords difficult to guess, you need at
> least a cryptographically secure PRG, which will give you an
> unpredictable sequence of bytes, and an unguessable seed, which will
> prevent any attacker from creating the same sequence of bytes
> again and completely breaking all your passwords.
>
>
> We also moved to "Tiny Mersenne Twister" (
> https://github.com/jj1bdx/tinymt-erlang) instead of using
> the standard random:uniform since the last Yaws security alert (
> http://erlang.org/pipermail/erlang-questions/2012-June/067626.html).
> Is this sufficient, or should we also find a way to generate an
> unpredictable seed for it?
>
> Regards,
> Zabrane
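The two points Samuel makes in the quoted message, that a clock-seeded deterministic PRNG can be brute-forced by trying seed tuples around the creation time, and that a password generator should instead draw from a cryptographically secure source with no guessable seed, are shown side by side below. This is an added example written for this page, not code from the thread, from Yaws, or from the tinymt-erlang or WELL projects. It assumes a module name (pwgen_demo), an alphabet of 62 characters, a constructed timestamp tuple, and uses rand with the exrop algorithm as a stand-in for the old random module; crypto:strong_rand_bytes/1 is the real OTP function.

```erlang
%% pwgen_demo.erl -- added example, not code from the original thread.
%% Contrast: a clock-seeded deterministic PRNG (recoverable by brute force)
%% versus characters drawn from the OS CSPRNG (no seed to recover).
-module(pwgen_demo).
-export([secure_password/2, clock_seeded_password/3,
         recover_clock_seeded/4, demo/0]).

%% Alphabet assumed for the demo; any list of 2..256 distinct chars works.
-define(ALPHABET, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789").

%% --- Secure generator -------------------------------------------------
%% Every character comes from crypto:strong_rand_bytes/1 (the OS CSPRNG).
%% There is no seed the attacker could guess and replay.
secure_password(Len, Alphabet) when Len > 0, length(Alphabet) >= 2,
                                    length(Alphabet) =< 256 ->
    N = length(Alphabet),
    Tab = list_to_tuple(Alphabet),
    %% Largest multiple of N that fits in a byte. Bytes at or above Limit are
    %% rejected so that `Byte rem N` is uniform (no modulo bias).
    Limit = 256 - (256 rem N),
    secure_loop(Len, N, Tab, Limit, []).

secure_loop(0, _N, _Tab, _Limit, Acc) ->
    Acc;
secure_loop(Len, N, Tab, Limit, Acc) ->
    %% Fetch a batch of random bytes; rejection sampling drops the biased tail,
    %% so we may need another round to fill the remaining positions.
    Bytes = binary_to_list(crypto:strong_rand_bytes(Len)),
    Kept = [element((B rem N) + 1, Tab) || B <- Bytes, B < Limit],
    Taken = lists:sublist(Kept, Len),
    secure_loop(Len - length(Taken), N, Tab, Limit, Acc ++ Taken).

%% --- Weak generator: the pattern the thread warns about ------------------
%% A deterministic PRNG seeded from a {Mega, Sec, Micro} clock tuple (what
%% now()/os:timestamp() return). Same seed => same password, every time.
clock_seeded_password(Len, Alphabet, {_Mega, _Sec, _Micro} = Clock) ->
    N = length(Alphabet),
    Tab = list_to_tuple(Alphabet),
    State0 = rand:seed_s(exrop, Clock),
    {Chars, _Final} = lists:mapfoldl(
        fun(_, S) ->
            {I, S2} = rand:uniform_s(N, S),
            {element(I, Tab), S2}
        end, State0, lists:seq(1, Len)),
    Chars.

%% --- Attacker side --------------------------------------------------------
%% Knowing roughly when the password was generated, the attacker regenerates
%% the password for every microsecond in a window until one matches. The
%% search space is the clock window, not the password space.
recover_clock_seeded(Password, Alphabet, StartClock, WindowMicros) ->
    try_window(Password, Alphabet, length(Password), StartClock, WindowMicros).

try_window(_Pw, _A, _Len, _Clock, 0) ->
    not_found;
try_window(Pw, A, Len, Clock, Left) ->
    case clock_seeded_password(Len, A, Clock) of
        Pw -> {found, Clock};
        _  -> try_window(Pw, A, Len, ts_add(Clock, 1), Left - 1)
    end.

%% Add Delta microseconds to a {Mega, Sec, Micro} tuple.
ts_add({Mega, Sec, Micro}, Delta) ->
    Total = (Mega * 1000000 + Sec) * 1000000 + Micro + Delta,
    {Total div 1000000000000, (Total div 1000000) rem 1000000, Total rem 1000000}.

%% Run: erl -noshell -eval 'io:format("~p~n",[pwgen_demo:demo()]), halt().'
demo() ->
    %% 1. Secure password: nothing to recover; the attack below does not apply.
    Strong = secure_password(16, ?ALPHABET),
    %% 2. Weak password made at a constructed timestamp T (not a real event).
    T = {1345, 191572, 4242},
    Weak = clock_seeded_password(16, ?ALPHABET, T),
    %% Attacker only guesses the second; searching 10 ms of microseconds is
    %% enough to land on T and reproduce the password exactly.
    Guess = {1345, 191572, 0},
    {found, T} = recover_clock_seeded(Weak, ?ALPHABET, Guess, 10000),
    {strong, Strong, weak, Weak, recovered_seed, T}.
```

The recovery loop is the cheap part: each guess costs one seeding plus 16 draws, so a window of a whole second (one million microsecond guesses) is minutes of CPU, and widening the window to cover clock uncertainty only scales linearly. Swapping the PRNG for a better-distributed one such as TinyMT or WELL does not change this, because the weakness is in the seed, not in the generator's statistical quality; only an unguessable source like crypto:strong_rand_bytes/1 removes it.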