Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re^3: String::MkPasswd still supported?

by no_slogan (Deacon)
on Sep 30, 2014 at 15:29 UTC ( [id://1102441]=note: print w/replies, xml ) Need Help??


in reply to Re^2: String::MkPasswd still supported?
in thread String::MkPasswd still supported?

Note that an 8-character alphabetic password has log(26*2)/log(2)*8 = 45.6 bits of randomness. As of 5.20, perl uses drand48, which is named for its 48 bits of internal state. Nominally, it has enough randomness to fill that password, but it's seeded with only 32 bits. So if your program starts up, generates one password, and then exits, only about 1 in 12000 (= 2**(45.6-32)) of the possible passwords can be generated.

If you're generating many passwords at once, they are going to be highly correlated. Someone can in principle use their password to guess what the next password will be. There are about 5 or 6 (= 2**(48-45.6)) possible next passwords. An old node of mine shows how this can be done (Predict Random Numbers).

Bottom line: Use a secure random number generator.

  • Comment on Re^3: String::MkPasswd still supported?

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1102441]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others admiring the Monastery: (7)
As of 2024-04-25 09:03 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found