[erlang-questions] Password generator in Erlang
Fri Aug 17 16:38:06 CEST 2012
I'll try to find out how to generate good seeds.
May be some braves Erlangers know the answer?
On Aug 17, 2012, at 12:53 PM, Samuel wrote:
>> The second implementation is more secure in that sense, but still the
>> original seed is guessable. An attacker can generate possible password
>> sequences by bruteforce just tying possible now tuples around the time
>> he thinks the real seed was created.
>> So, how one can generate a secure un-predicatable seeds?
> That's the tricky part :) At least you have to avoid generating
> clearly predictable seeds as the seed is your private key in this
> case. With the seed anyone can reproduce the sequence.
> crypto:strong_rand_bytes strives for better security properties, and I
> understand it abstracts how to generate a good key for you, trying to
> suck entropy from your system (so you may need to sit there banging
> the keys and moving the mouse around for that ;) )
> I am not a security expert by far, I just know some things that do not
> work :). For things that work, the common approach is relying in
> popular libraries not known to be broken. and trying not to use them
> in a fancy way as the history is full of famous broken cryptographic
> uses (you can read about flaws CSS, WEP, etc).
> Of course, whether that approach is advisable or not is more a
> philosophical question, not knowing they are not broken doesn't mean
> that no one knows how to break them and has the key access information
> is thought to be safely encrypted :)
>> We also moved to "Tiny Mersenne Twister"
>> (https://github.com/jj1bdx/tinymt-erlang) instead of using
>> the standard random:uniform since the last Yaws security alert
>> Is this sufficient or should we also find a way to generate a unpredicatble
>> seed for it?
> As said, I am not a security expert, but as far as I can read, the
> goals of that algorithm are to keep a small state with good
> statistical properties, it says nothing about security (which doesn't
> necessarily mean it is insecure, of course). A PRG can have good
> statistical properties and still be insecure, being a secure PRG is a
> stronger assumption. That is why erlang:random is fine for non
> cryptographic uses, but for security you need something more complex.
> Anyway, you always need a seed no one can guess. Same seed, same
> sequence, so if someone guesses your seed it basically gets all your
> passwords in return.
More information about the erlang-questions