[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Apr 2006 09:21:40 +0100
From: Dave English <dave.english@...s.net>
To: bugtraq@...urityfocus.com
Subject: Re: Flaw in commonly used bash random seed method
In message
<a260a2190604031256g23cf3645s348f829530982b38@...l.gmail.com>, Matthijs
<thotter@...il.com> writes
>By the way, if the random function can only generate numbers between 0
>and 32767, won't 2 bytes be enough then? The algorithm will perform a
>modulo calculation anyway, so 4 bytes won't really add anything. Of
>course, it is much better then only one byte.
That will depend on whether the state stored between calls to the PRNG
is only 15-bits, or something larger.
If more state is stored than is enumerated in the result, then the
generator should have more points on its sequence than 32768 . In that
case then, seeding with more than 15 bits would be worthwhile.
I have not looked at Bash myself, to see what it actually does
--
Dave English Senior Software & Systems Engineer
Internet Platform Development, Thus plc
Download attachment "signature.asc" of type "application/pgp-signature" (179 bytes)
Powered by blists - more mailing lists