From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tuhs-bounces@tuhs.org>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=3.4.4
Received: from minnie.tuhs.org (minnie.tuhs.org [50.116.15.146])
	by inbox.vuxu.org (Postfix) with ESMTP id 83BD22428E
	for <ml@inbox.vuxu.org>; Tue, 12 Mar 2024 17:23:48 +0100 (CET)
Received: from minnie.tuhs.org (localhost [IPv6:::1])
	by minnie.tuhs.org (Postfix) with ESMTP id 0039342894;
	Wed, 13 Mar 2024 02:23:43 +1000 (AEST)
Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d])
	by minnie.tuhs.org (Postfix) with ESMTPS id 9B9134286C
	for <tuhs@tuhs.org>; Wed, 13 Mar 2024 02:23:38 +1000 (AEST)
Received: by mail-pj1-x102d.google.com with SMTP id 98e67ed59e1d1-29be5386b74so1974033a91.3
        for <tuhs@tuhs.org>; Tue, 12 Mar 2024 09:23:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1710260618; x=1710865418; darn=tuhs.org;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=M5dvCXYxRjNtztMhtFhhVPj6AdAV/arZ9ASo/oxW2Fo=;
        b=GWJgY+LwPWpCqvMXsGkxhDTisZ8MxrsKzG7lZgsBekFn2y+cQddY1xwYLdKMDP+umo
         hsV7iybfbph35ioiJaYIq+iN55BEo6G464gOnVM9zwxP8W6UpTS40BtrtyuWxz4z/iUg
         MUd2V5bKKtGQDJDdlZbeq75LdZvFlD0EdtxqxImdh03nRLhrqDLDNyvUKn7cRmwfLeNx
         EF+HY+uREKkBtR7dMr+VS+GmKcNJDNyqD3zleK95zSqHEiCf9jli4s+S8ZT1lgot0MM3
         yplJMJK9dIKhFBxQ2dHJr1Ai1w7TXfIQFG/hbB5i/G9gLTGiEFnvTiW+9ZfEQTo4k3TT
         zEMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1710260618; x=1710865418;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=M5dvCXYxRjNtztMhtFhhVPj6AdAV/arZ9ASo/oxW2Fo=;
        b=OVZgou20qmVzjE2DBWesqwo35OVTtKXQaZD5b+0Lej1423agTxGe1lUi4xC7NqXUAc
         jX6KwWWMm7w8xmPTNGcJV5Wv4+yFSR5GUAYyVzoME9wHtUjRhkD/m3gyQZqy993XHBd4
         ZUXYC3L1JkQw9Kqjd5RhiqigE+2wzzaqJKjfzNHJbYcp7zQJAC0zEp4uZbyGpDP5uahO
         XDc84rgUXdCNSGHiWMga6dt6g3GMItc1kWU3fqhE1rNIa/4Cr34+S14vJUnNalTf5KX9
         WjYpM+DxZT+DRAWDKYCYCgrMBvuspfOisGNv42QTO/NMpihHkAyGo+BGXoYTdNp3ViHX
         uunQ==
X-Gm-Message-State: AOJu0YzqiHn8YoCsUoMiwq4lmlHfwZv+B1PNUOlUcUkRKBXkYA5G8PCT
	A3h0yrnrwECF1KAtklXpnxmXUAPi/V6Q6/BHpAkuNa3kAXL3M4odap1jNoVu2cfkSWyrqNOSYNf
	sxqOQRXepmKVtpUiFV2is59dmc4I=
X-Google-Smtp-Source: AGHT+IGtTUDChV0MVZze+FQohhxTFdMRoTIK0rn7AJPyUSW0N1XFbLqeR9mvhYRbRs1fV2yRiY7T9RJSQRGr+wo8QUQ=
X-Received: by 2002:a17:90b:510:b0:29b:4a20:18b7 with SMTP id
 r16-20020a17090b051000b0029b4a2018b7mr2366256pjz.8.1710260618037; Tue, 12 Mar
 2024 09:23:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6a10:d602:b0:53d:14e:3576 with HTTP; Tue, 12 Mar 2024
 09:23:37 -0700 (PDT)
In-Reply-To: <CAKH6PiXnww2bvj_Y0AGfq+rHdfhK3aLo01Mzb2mAc7AQ+R6TGg@mail.gmail.com>
References: <CAKH6PiXnww2bvj_Y0AGfq+rHdfhK3aLo01Mzb2mAc7AQ+R6TGg@mail.gmail.com>
From: Paul Winalski <paul.winalski@gmail.com>
Date: Tue, 12 Mar 2024 12:23:37 -0400
Message-ID: <CABH=_VSR8ETtzuGssj12jBOvHoBtnXMDmoWWtUiH33NKMLQUcw@mail.gmail.com>
To: Douglas McIlroy <douglas.mcilroy@dartmouth.edu>
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: J7D3STJIQNB2DLDLGEG5VNZYIMN22AIY
X-Message-ID-Hash: J7D3STJIQNB2DLDLGEG5VNZYIMN22AIY
X-MailFrom: paul.winalski@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TUHS main list <tuhs@tuhs.org>
X-Mailman-Version: 3.3.6b1
Precedence: list
Subject: [TUHS] Re: early unix rand
List-Id: The Unix Heritage Society mailing list <tuhs.tuhs.org>
Archived-At: <https://www.tuhs.org/mailman3/hyperkitty/list/tuhs@tuhs.org/message/J7D3STJIQNB2DLDLGEG5VNZYIMN22AIY/>
List-Archive: <https://www.tuhs.org/mailman3/hyperkitty/list/tuhs@tuhs.org/>
List-Help: <mailto:tuhs-request@tuhs.org?subject=help>
List-Owner: <mailto:tuhs-owner@tuhs.org>
List-Post: <mailto:tuhs@tuhs.org>
List-Subscribe: <mailto:tuhs-join@tuhs.org>
List-Unsubscribe: <mailto:tuhs-leave@tuhs.org>

On 3/12/24, Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:
>
> That was a memorable
> error. Guessing that the passwords were generated by
> a simple encoding of the output of rand, Ken promptly
> broke 100% of the newly "hardened" password file.

To do that wouldn't you need to know the seed value that was used?  Or
did this version of rand() always generate the same sequence of
pseudo-random numbers?

One problem with random password generation is to avoid generating
passwords that are or contain naughty words.  VAX/VMS version 4.0
added an option for random password generation.  They had a very
extensive list of naughty words in many different languages to filter
the random passwords.  During beta test they got a bug report from a
high school.  The naughty words text file was world-readable and
students were amusing themselves by reading it.  At release the file
was protected so that only privileged users could read it.

-Paul W.