Bugtraq: Re: Flaw in commonly used bash random seed method

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Flaw in commonly used bash random seed method

From: Dave English <dave.english () thus net>
Date: Tue, 4 Apr 2006 09:21:40 +0100

In message<a260a2190604031256g23cf3645s348f829530982b38 () mail gmail com>, Matthijs<thotter () gmail com> writes

By the way, if the random function can only generate numbers between 0
and 32767, won't 2 bytes be enough then? The algorithm will perform a
modulo calculation anyway, so 4 bytes won't really add anything. Of
course, it is much better then only one byte.

That will depend on whether the state stored between calls to the PRNGis only 15-bits, or something larger.

If more state is stored than is enumerated in the result, then thegenerator should have more points on its sequence than 32768 . In thatcase then, seeding with more than 15 bits would be worthwhile.


I have not looked at Bash myself, to see what it actually does
--
Dave English                      Senior Software & Systems Engineer
                             Internet Platform Development, Thus plc

Attachment: signature.asc
Description:

By Date By Thread

Current thread:

Flaw in commonly used bash random seed method coderpunk (Apr 03)
- Re: Flaw in commonly used bash random seed method Matthijs (Apr 03)
  - Re: Flaw in commonly used bash random seed method Dave English (Apr 04)
    - Re: Flaw in commonly used bash random seed method Matthijs (Apr 04)
    - Re: Flaw in commonly used bash random seed method Matthijs (Apr 04)
  - Re: Flaw in commonly used bash random seed method Dave Korn (Apr 05)
    - Re: Flaw in commonly used bash random seed method Steve VanDevender (Apr 10)