[Semibug] Help with Random Password Generator

Nick Holland nick at holland-consulting.net
Thu Apr 11 17:54:43 EDT 2024


On 4/11/24 00:28, Jonathan Drews wrote:
> I get the following warning when I link the program RandomPasswdGen
> 
> $ cc -Wall -c randpass.c
> $ cc randpass.o -o RandomPasswdGen
> randpass.c(randpass.o:(main)): warning: rand() may return deterministic values,
> is that what you want?
> 
> How can I modify:
> srand((int) time(NULL));              /*  Set the seed */

EW!  EW!  EW!!
gah.
There's NOTHING random about time...  sigh.
(granted, IIRC, srand and rand have a small input and output range, so ... it
isn't as bad as my initial reflexive puking would suggest)

> to make it less deterministic ?

Anyway... man 3 srand says the parameter is ignored and replaced with a real random
number.  So OpenBSD helps you out a lot here.

So the easy answer is just ignore it.  It's pretty good for this application.

But..this is easy to do in shell with OpenBSD and get some real randomness...

$ VALIDCHARS="a-zA-Z0-9!@#$%^&*)(<>-"
$ cat /dev/random |tr -dc "$VALIDCHARS" | dd bs=40 count=1 2>/dev/null
-^cZqqED1j>eYtQn$twKln&M3s9dA1rGoAggyvHX


How it works:
VALIDCHARS is a string of, well, characters you want in your PW.  It will be used with tr
(remember my shell scripting talk?  Great little program!).  A-Z does what you expect, but
that does make using a dash a little weird -- basically, the dash has to be the last
character of the string to be taken as a literal dash.

cat /dev/random gives a flood of random characters, but most of them aren't easily typed.
So...we run the data from /dev/random through tr, using the -dc option -- "(d)elete the
(c)omplement of this list" -- so if it is NOT specified in the string following the -c,
it will be removed from the output stream.
dd bs=40 count=1 gives us one block of 40 characters from the random|tr stream, then
shuts down, closing down the entire pipeline.

All undesired characters are just dropped, rather than trying to translate them into
something "better", which might have undesired effects on true randomness

Nick.



More information about the Semibug mailing list