[erlang-questions] Password generator in Erlang
Fri Aug 17 16:56:13 CEST 2012
On Fri, Aug 17, 2012 at 04:38:06PM +0200, Zabrane Mickael wrote:
> Hi Samuel,
> Great feedbacks.
> I'll try to find out how to generate good seeds.
> May be some braves Erlangers know the answer?
The simple answer is as mentioned before in this thread
to use crypto:strong_rand_bytes/1, as it will with OS and library
support take care of the seeding itself. This will be
what is considered secure enough by the writers of OpenSSL.
strong_rand_bytes(N) -> binary()
N = integer()
Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses a cryptographically secure prng
seeded and periodically mixed with operating system provided
entropy. By default this is the RAND_bytes method from OpenSSL.
May throw exception low_entropy in case the random generator
failed due to lack of secure "randomness".
> On Aug 17, 2012, at 12:53 PM, Samuel wrote:
> >> The second implementation is more secure in that sense, but still the
> >> original seed is guessable. An attacker can generate possible password
> >> sequences by bruteforce just tying possible now tuples around the time
> >> he thinks the real seed was created.
> >> So, how one can generate a secure un-predicatable seeds?
> > That's the tricky part :) At least you have to avoid generating
> > clearly predictable seeds as the seed is your private key in this
> > case. With the seed anyone can reproduce the sequence.
> > crypto:strong_rand_bytes strives for better security properties, and I
> > understand it abstracts how to generate a good key for you, trying to
> > suck entropy from your system (so you may need to sit there banging
> > the keys and moving the mouse around for that ;) )
> > I am not a security expert by far, I just know some things that do not
> > work :). For things that work, the common approach is relying in
> > popular libraries not known to be broken. and trying not to use them
> > in a fancy way as the history is full of famous broken cryptographic
> > uses (you can read about flaws CSS, WEP, etc).
> > Of course, whether that approach is advisable or not is more a
> > philosophical question, not knowing they are not broken doesn't mean
> > that no one knows how to break them and has the key access information
> > is thought to be safely encrypted :)
> >> We also moved to "Tiny Mersenne Twister"
> >> (https://github.com/jj1bdx/tinymt-erlang) instead of using
> >> the standard random:uniform since the last Yaws security alert
> >> (http://erlang.org/pipermail/erlang-questions/2012-June/067626.html).
> >> Is this sufficient or should we also find a way to generate a unpredicatble
> >> seed for it?
> > As said, I am not a security expert, but as far as I can read, the
> > goals of that algorithm are to keep a small state with good
> > statistical properties, it says nothing about security (which doesn't
> > necessarily mean it is insecure, of course). A PRG can have good
> > statistical properties and still be insecure, being a secure PRG is a
> > stronger assumption. That is why erlang:random is fine for non
> > cryptographic uses, but for security you need something more complex.
> > Anyway, you always need a seed no one can guess. Same seed, same
> > sequence, so if someone guesses your seed it basically gets all your
> > passwords in return.
> > Regards
> > --
> > Samuel
> erlang-questions mailing list
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
More information about the erlang-questions