DaemonForums  

#1
14th July 2014
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter

Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429
Random Password Generation

Hey gurus,

I have a question. This isn't so much a technical "how do I", as much as a poll-type "how do *you*" sort of question.

Here's the deal. I've used pwgen pretty heavily in the past, but as I dig deeper into the minimalist mindset and configuration I'd like to move further away from additional packages unless I just can't avoid it (i.e. use stuff in base as much as is feasible).

For instance, one could do:

dd if=/dev/urandom of=/dev/stdout bs=12 count=1 2>/dev/null | b64encode -

to generate a nice pseudorandom 16-character password. I know there are a multitude of ways to accomplish this, but I was curious what others were using.

Note, I'm not a huge fan of using `date` as "random" input, since it's effectively not terribly random (if you use second precision, you only have 86400 values you can choose from), so I'd like to stick to higher quality pseudorandom password generation.

Thoughts?
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
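
Added example, not part of the original thread or any poster's code: a base-tools generator that filters /dev/urandom output down to a chosen character set, plus the entropy arithmetic behind the comparison between `date` input and 12 random bytes made in the post above. The function names genpw and entropy_bits are hypothetical; it assumes a POSIX shell with dd, tr, cut and awk.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes /dev/urandom plus dd, tr, cut, awk.

# genpw LENGTH [CHARSET]
# Reads random bytes and discards every byte outside CHARSET (a tr(1) set).
# Discarding, instead of mapping bytes with a modulo, keeps each character
# of CHARSET equally likely.
genpw() {
    want=$1
    charset=${2:-A-Za-z0-9}
    pw=
    while [ "${#pw}" -lt "$want" ]; do
        # 64 raw bytes per round; only bytes in CHARSET survive the filter.
        chunk=$(dd if=/dev/urandom bs=64 count=1 2>/dev/null |
            LC_ALL=C tr -dc "$charset")
        pw=$pw$chunk
    done
    printf '%s\n' "$pw" | cut -c "1-$want"
}

# entropy_bits SYMBOLS ALPHABET_SIZE
# Bits of entropy for SYMBOLS independent, uniform picks out of
# ALPHABET_SIZE possible values: SYMBOLS * log2(ALPHABET_SIZE).
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", n * log(k) / log(2) }'
}

# Comparison of the inputs discussed in the post.
echo "date, one of 86400 seconds : $(entropy_bits 1 86400) bits"
echo "12 bytes from /dev/urandom : $(entropy_bits 12 256) bits"
echo "16 chars from A-Za-z0-9    : $(entropy_bits 16 62) bits"
echo "sample password            : $(genpw 16)"
```

A second argument narrows or widens the set, for example `genpw 8 0-9` for a numeric PIN.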

#2
14th July 2014
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,977

I use security/keepassx for password generation and storage, primarily because it is available on multiple platforms and I'm able to share the database with different OSes. The random password generation is done in its src/apg/randpass.c. Unlike the word generator pronpass.c in the same directory, the randpass routines are not extensively documented. They certainly work well enough for my purposes, which is to fill out strings with ASCII and allow me to set length and character types.

The PRNG is C++ randint. I don't know anything about its underlying calls, and assume the code for it could be found somewhere in OpenBSD's src/gnu/lib/libstdc++*, but I really don't know. For these relatively short strings, I'm not sure it makes a significant difference.

#3
14th July 2014
IdOp
Too dumb for a smartphone

Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027

There was some discussion of this in the thread Generate passwords from the command line ... for those who haven't seen it. I realize rocket357 has probably seen that thread and is looking for wider input.

#4
14th July 2014
rocket357

Haha! Actually I hadn't read that thread, as I was in the middle of moving to Seattle around that timeframe. Ahh well. Thanks for pointing it out.

And yes, I was really just curious what approaches others were taking.

#5
15th July 2014
IdOp

Quote:
Originally Posted by rocket357
Haha! Actually I hadn't read that thread, as I was in the middle of moving to Seattle around that timeframe.

Yea, moving sucks, especially when it means you can't read daemonforums. I hope you're enjoying your new home!

Quote:
And yes, I was really just curious what approaches others were taking.

For me, the things mentioned in the other thread. Though I haven't needed it often.

#6
15th July 2014
rocket357

Quote:
Originally Posted by IdOp
Yea, moving sucks, especially when it means you can't read daemonforums.

Agreed

Quote:
Originally Posted by IdOp
I hope you're enjoying your new home!

Working for a very large American online retailer now. Yes, I'm loving it.