From: Paul Winalski <paul.winalski@gmail.com>
To: Douglas McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: TUHS main list <tuhs@tuhs.org>
Subject: [TUHS] Re: early unix rand
Date: Tue, 12 Mar 2024 12:23:37 -0400 [thread overview]
Message-ID: <CABH=_VSR8ETtzuGssj12jBOvHoBtnXMDmoWWtUiH33NKMLQUcw@mail.gmail.com> (raw)
In-Reply-To: <CAKH6PiXnww2bvj_Y0AGfq+rHdfhK3aLo01Mzb2mAc7AQ+R6TGg@mail.gmail.com>
On 3/12/24, Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:
>
> That was a memorable
> error. Guessing that the passwords were generated by
> a simple encoding of the output of rand, Ken promptly
> broke 100% of the newly "hardened" password file.
To do that wouldn't you need to know the seed value that was used? Or
did this version of rand() always generate the same sequence of
pseudo-random numbers?
One problem with random password generation is to avoid generating
passwords that are or contain naughty words. VAX/VMS version 4.0
added an option for random password generation. They had a very
extensive list of naughty words in many different languages to filter
the random passwords. During beta test they got a bug report from a
high school. The naughty words text file was world-readable and
students were amusing themselves by reading it. At release the file
was protected so that only privileged users could read it.
-Paul W.
next prev parent reply other threads:[~2024-03-12 16:23 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-12 14:37 [TUHS] " Douglas McIlroy
2024-03-12 16:23 ` Paul Winalski [this message]
2024-03-12 16:47 ` [TUHS] Re: NSFW passwords William Cheswick
2024-03-13 1:22 ` [TUHS] Re: early unix rand Russ Cox
2024-03-12 16:32 ` Ken Thompson
-- strict thread matches above, loose matches on Subject: below --
2024-03-12 12:55 [TUHS] " Russ Cox
2024-03-12 18:08 ` [TUHS] " Russ Cox
2024-03-12 23:05 ` Jonathan Gray
2024-03-13 1:09 ` ron minnich
2024-03-13 16:41 ` ron minnich
2024-03-13 17:17 ` ron minnich
2024-03-13 20:25 ` Rob Pike
2024-03-13 20:34 ` Clem Cole
2024-03-14 19:24 ` Dave Horsfall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABH=_VSR8ETtzuGssj12jBOvHoBtnXMDmoWWtUiH33NKMLQUcw@mail.gmail.com' \
--to=paul.winalski@gmail.com \
--cc=douglas.mcilroy@dartmouth.edu \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).