[erlang-questions] Password generator in Erlang
Zabrane Mickael
zabrane3@REDACTED
Fri Aug 17 16:38:06 CEST 2012
Hi Samuel,
Great feedbacks.
I'll try to find out how to generate good seeds.
May be some braves Erlangers know the answer?
Regards,
Zabrane
On Aug 17, 2012, at 12:53 PM, Samuel wrote:
>> The second implementation is more secure in that sense, but still the
>> original seed is guessable. An attacker can generate possible password
>> sequences by bruteforce just tying possible now tuples around the time
>> he thinks the real seed was created.
>>
>>
>> So, how one can generate a secure un-predicatable seeds?
>
> That's the tricky part :) At least you have to avoid generating
> clearly predictable seeds as the seed is your private key in this
> case. With the seed anyone can reproduce the sequence.
>
> crypto:strong_rand_bytes strives for better security properties, and I
> understand it abstracts how to generate a good key for you, trying to
> suck entropy from your system (so you may need to sit there banging
> the keys and moving the mouse around for that ;) )
>
> I am not a security expert by far, I just know some things that do not
> work :). For things that work, the common approach is relying in
> popular libraries not known to be broken. and trying not to use them
> in a fancy way as the history is full of famous broken cryptographic
> uses (you can read about flaws CSS, WEP, etc).
>
> Of course, whether that approach is advisable or not is more a
> philosophical question, not knowing they are not broken doesn't mean
> that no one knows how to break them and has the key access information
> is thought to be safely encrypted :)
>
>> We also moved to "Tiny Mersenne Twister"
>> (https://github.com/jj1bdx/tinymt-erlang) instead of using
>> the standard random:uniform since the last Yaws security alert
>> (http://erlang.org/pipermail/erlang-questions/2012-June/067626.html).
>> Is this sufficient or should we also find a way to generate a unpredicatble
>> seed for it?
>
> As said, I am not a security expert, but as far as I can read, the
> goals of that algorithm are to keep a small state with good
> statistical properties, it says nothing about security (which doesn't
> necessarily mean it is insecure, of course). A PRG can have good
> statistical properties and still be insecure, being a secure PRG is a
> stronger assumption. That is why erlang:random is fine for non
> cryptographic uses, but for security you need something more complex.
>
> Anyway, you always need a seed no one can guess. Same seed, same
> sequence, so if someone guesses your seed it basically gets all your
> passwords in return.
>
> Regards
> --
> Samuel
More information about the erlang-questions
mailing list