Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Flaw in commonly used bash random seed method
From: Dave English <dave.english () thus net>
Date: Tue, 4 Apr 2006 09:21:40 +0100

In message <a260a2190604031256g23cf3645s348f829530982b38 () mail gmail com>, Matthijs <thotter () gmail com> writes

By the way, if the random function can only generate numbers between 0
and 32767, won't 2 bytes be enough then? The algorithm will perform a
modulo calculation anyway, so 4 bytes won't really add anything. Of
course, it is much better then only one byte.

That will depend on whether the state stored between calls to the PRNG is only 15-bits, or something larger.

If more state is stored than is enumerated in the result, then the generator should have more points on its sequence than 32768 . In that case then, seeding with more than 15 bits would be worthwhile.

I have not looked at Bash myself, to see what it actually does
Dave English                      Senior Software & Systems Engineer
                             Internet Platform Development, Thus plc

Attachment: signature.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]