[erlang-questions] Password generator in Erlang

Samuel <>
Fri Aug 17 12:53:53 CEST 2012

> The second implementation is more secure in that sense, but still the
> original seed is guessable. An attacker can generate possible password
> sequences by bruteforce, just trying possible now tuples around the time
> he thinks the real seed was created.
> So, how can one generate secure unpredictable seeds?

That's the tricky part :) At least you have to avoid generating
clearly predictable seeds as the seed is your private key in this
case. With the seed anyone can reproduce the sequence.

crypto:strong_rand_bytes strives for better security properties, and I
understand it abstracts how to generate a good key for you, trying to
suck entropy from your system (so you may need to sit there banging
the keys and moving the mouse around for that ;) )

I am not a security expert by far, I just know some things that do not
work :). For things that work, the common approach is relying on
popular libraries not known to be broken, and trying not to use them
in a fancy way, as history is full of famous broken cryptographic
uses (you can read about the flaws in CSS, WEP, etc).

Of course, whether that approach is advisable or not is more of a
philosophical question: not knowing they are broken doesn't mean
that no one knows how to break them and has access to the key
information that is thought to be safely encrypted :)

> We also moved to "Tiny Mersenne Twister"
> (https://github.com/jj1bdx/tinymt-erlang) instead of using
> the standard random:uniform since the last Yaws security alert
> (http://erlang.org/pipermail/erlang-questions/2012-June/067626.html).
> Is this sufficient or should we also find a way to generate an unpredictable
> seed for it?

As said, I am not a security expert, but as far as I can read, the
goals of that algorithm are to keep a small state with good
statistical properties, it says nothing about security (which doesn't
necessarily mean it is insecure, of course). A PRG can have good
statistical properties and still be insecure, being a secure PRG is a
stronger assumption. That is why erlang:random is fine for non-cryptographic
uses, but for security you need something more complex.

Anyway, you always need a seed no one can guess. Same seed, same
sequence, so if someone guesses your seed they basically get all your
passwords in return.
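The two points made above, that a seeded PRNG replays its whole sequence to anyone who knows the seed and that crypto:strong_rand_bytes sidesteps the problem by having no guessable seed at all, as an added illustration that is not part of this thread. The module name `secure_password` and its functions are my own; `same_seed_same_sequence/0` uses the OTP `rand` module (which replaced the old `random` module) with a fixed seed tuple only to show the replay property, and `generate/1,2` draws each character from `crypto:strong_rand_bytes/1` with rejection sampling so that no character is favoured by a modulo bias.

```erlang
%% Added example, not code from the original thread.
-module(secure_password).
-export([generate/1, generate/2, default_alphabet/0, same_seed_same_sequence/0]).

%% Letters and digits; any non-empty alphabet of up to 256 characters works.
default_alphabet() ->
    lists:seq($a, $z) ++ lists:seq($A, $Z) ++ lists:seq($0, $9).

%% Generate a password of Length characters from the default alphabet.
generate(Length) ->
    generate(Length, default_alphabet()).

%% Every character comes from the OS-backed CSPRNG behind
%% crypto:strong_rand_bytes/1, so there is no seed to guess or replay.
generate(Length, Alphabet) when Length > 0, Alphabet =/= [] ->
    AlphabetTuple = list_to_tuple(Alphabet),
    N = tuple_size(AlphabetTuple),
    true = N =< 256,
    %% Largest multiple of N that fits in one byte. Bytes at or above Limit
    %% are thrown away, so each index 1..N is equally likely (no `rem` bias).
    Limit = (256 div N) * N,
    [element(uniform_index(N, Limit), AlphabetTuple) || _ <- lists:seq(1, Length)].

uniform_index(N, Limit) ->
    <<B>> = crypto:strong_rand_bytes(1),
    case B < Limit of
        true  -> (B rem N) + 1;
        false -> uniform_index(N, Limit)   % reject and draw another byte
    end.

%% Demonstrates the replay problem: two generators started from the same
%% (constructed, obviously guessable) seed produce identical output, which is
%% exactly what an attacker who brute-forces a now()-based seed relies on.
same_seed_same_sequence() ->
    Seed = {1, 2, 3},
    First  = draw(10, rand:seed_s(exsss, Seed)),
    Second = draw(10, rand:seed_s(exsss, Seed)),
    First =:= Second.   % true: the seed is the only secret, and it is known

draw(0, _State) ->
    [];
draw(Count, State0) ->
    {X, State1} = rand:uniform_s(62, State0),
    [X | draw(Count - 1, State1)].
```

Usage: `secure_password:generate(16).` returns a 16-character list such as `"k3Qz9PxTm0Ls1Ab7"`, different on every call; `secure_password:same_seed_same_sequence().` returns `true`. The rejection loop is the detail most toy generators get wrong: taking `B rem 62` directly would make the first 8 alphabet characters slightly more likely than the rest, because 256 is not a multiple of 62.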