[erlang-questions] Password generator in Erlang

Raimo Niskanen raimo+erlang-questions@REDACTED
Fri Aug 17 16:56:13 CEST 2012 

On Fri, Aug 17, 2012 at 04:38:06PM +0200, Zabrane Mickael wrote:
> Hi Samuel,
> 
> Great feedbacks.
> 
> I'll try to find out how to generate good seeds.
> May be some braves Erlangers know the answer?

The simple answer is as mentioned before in this thread
to use crypto:strong_rand_bytes/1, as it will with OS and library
support take care of the seeding itself. This will be
what is considered secure enough by the writers of OpenSSL.

  strong_rand_bytes(N) -> binary()

    Types:
        N = integer()

    Generates N bytes randomly uniform 0..255, and returns the
    result in a binary. Uses a cryptographically secure prng
    seeded and periodically mixed with operating system provided
    entropy. By default this is the RAND_bytes method from OpenSSL.

    May throw exception low_entropy in case the random generator
    failed due to lack of secure "randomness".

/ Raimo


> 
> Regards,
> Zabrane
> 
> On Aug 17, 2012, at 12:53 PM, Samuel wrote:
> 
> >> The second implementation is more secure in that sense, but still the
> >> original seed is guessable. An attacker can generate possible password
> >> sequences by bruteforce just tying possible now tuples around the time
> >> he thinks the real seed was created.
> >> 
> >> 
> >> So, how one can generate a secure un-predicatable seeds?
> > 
> > That's the tricky part :) At least you have to avoid generating
> > clearly predictable seeds as the seed is your private key in this
> > case. With the seed anyone can reproduce the sequence.
> > 
> > crypto:strong_rand_bytes strives for better security properties, and I
> > understand it abstracts how to generate a good key for you, trying to
> > suck entropy from your system (so you may need to sit there banging
> > the keys and moving the mouse around for that ;) )
> > 
> > I am not a security expert by far, I just know some things that do not
> > work :). For things that work, the common approach is relying in
> > popular libraries not known to be broken. and trying not to use them
> > in a fancy way as the history is full of famous broken cryptographic
> > uses (you can read about flaws CSS, WEP, etc).
> > 
> > Of course, whether that approach is advisable or not is more a
> > philosophical question, not knowing they are not broken doesn't mean
> > that no one knows how to break them and has the key access information
> > is thought to be safely encrypted :)
> > 
> >> We also moved to "Tiny Mersenne Twister"
> >> (https://github.com/jj1bdx/tinymt-erlang) instead of using
> >> the standard random:uniform since the last Yaws security alert
> >> (http://erlang.org/pipermail/erlang-questions/2012-June/067626.html).
> >> Is this sufficient or should we also find a way to generate a unpredicatble
> >> seed for it?
> > 
> > As said, I am not a security expert, but as far as I can read, the
> > goals of that algorithm are to keep a small state with good
> > statistical properties, it says nothing about security (which doesn't
> > necessarily mean it is insecure, of course). A PRG can have good
> > statistical properties and still be insecure, being a secure PRG is a
> > stronger assumption. That is why erlang:random is fine for non
> > cryptographic uses, but for security you need something more complex.
> > 
> > Anyway, you always need a seed no one can guess. Same seed, same
> > sequence, so if someone guesses your seed it basically gets all your
> > passwords in return.
> > 
> > Regards
> > -- 
> > Samuel
> 
> 
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

More information about the erlang-questions mailing list