From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: from minnie.tuhs.org (minnie.tuhs.org [IPv6:2600:3c01:e000:146::1]) by inbox.vuxu.org (Postfix) with ESMTP id 435A4268D9 for ; Tue, 12 Mar 2024 15:38:03 +0100 (CET) Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id F18844287E; Wed, 13 Mar 2024 00:37:58 +1000 (AEST) Received: from mail-ua1-x935.google.com (mail-ua1-x935.google.com [IPv6:2607:f8b0:4864:20::935]) by minnie.tuhs.org (Postfix) with ESMTPS id 045E44287B for ; Wed, 13 Mar 2024 00:37:52 +1000 (AEST) Received: by mail-ua1-x935.google.com with SMTP id a1e0cc1a2514c-7dbdab2c611so1434741241.1 for ; Tue, 12 Mar 2024 07:37:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dartmouth.edu; s=google1; t=1710254271; x=1710859071; darn=tuhs.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=X78AznheIUGdS4d8q3s44NEv6wd97r69Fp8ZFP4PrSY=; b=GIapCwj1aczTbMgP/L+ALWaWwhcYH+wAe/G0pvLo1Kq7qUU5MT3y9ecX2NyQjBZlJA AvgVedPKCuQ+SaYZurPsxAflP3y5zne9fuu7NuWUcPqvD2uyw4Lwx6+Fhrhwhl6vUtmX sSSjbZW+0xlfCW6t/4/uVaA6Z3uk/kGkt6lXXmZKjus8Wdtm/jTRe85wxsGnxLkwzEyB Kllv46k4iNduqWWiTBmjk88GP0CzultlDEcxBD3Z6hmF9qCbeM/2rQbjtpPgMJ606vOR Z1GOCazPN+dNVnIX83CdXoH4ZGyEfffeNyIikb3dNAhAdI+j/H5RdRIvibe7MxLElCTS 2n+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710254271; x=1710859071; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=X78AznheIUGdS4d8q3s44NEv6wd97r69Fp8ZFP4PrSY=; b=p5fJvD43CSkDixGrlRYzUBvEfRpNANZ784BYXyXynW40KrTe+dRxF/yGuZn0dmhi4v w9R/MxfTFyMJa+oJpEaADOqhEXLTt/3KJ3vIR1PgmPwZ1FIaH2D7pjIs6a5dvEoIeFpz DWA+V8GR11tNRGaNlvf6mL0C58toOKifpo18y1UfLd8cWn1b1CLDCP1nEuaP/MyLB7i+ NikYynWfYrER+6X8oXDhEAhFJ6nz5vT1BqiAVV8lKil7nvVzgpZftHT5EkFS+F9FllgH 2EDy9mW0WrM346iqNAPth+v1nSf2CPwv9kLbmnriNKG+kwO8hYYI0uGAEDAGRPFzoQEQ s7IQ== X-Gm-Message-State: AOJu0YxKXFq92ULWig5sa8fMyTBgZyqSkhBzIiAW2mr3l3Awb+eQdQVq 4/ru4CulOf+IbTbf/KD+YqlQtCXr9fGoLF+tqmYC5pawTS0mcYkZqH9BIT47p5FK9m3A4AVCHNe 51eVGzMD5Qp4n+dLoOBZ5SEpocAxRHXqD+81ULkutSLdIn+ESpXY= X-Google-Smtp-Source: AGHT+IHQpsPQpxuNJRWWmEXmh7ZwAd2P4MNVZa33sOtKkmfdsYEpf5wMN+KQiZfd/8o2bINLIAxpi1zbMXCnPV4H8jI= X-Received: by 2002:a67:fc13:0:b0:473:213e:d4af with SMTP id o19-20020a67fc13000000b00473213ed4afmr1811130vsq.21.1710254270891; Tue, 12 Mar 2024 07:37:50 -0700 (PDT) MIME-Version: 1.0 From: Douglas McIlroy Date: Tue, 12 Mar 2024 10:37:36 -0400 Message-ID: To: TUHS main list Content-Type: multipart/alternative; boundary="0000000000004b27a30613779aed" Message-ID-Hash: XXH4RBOP43ESK4A6NKW3GHNOEAZ6NTTW X-Message-ID-Hash: XXH4RBOP43ESK4A6NKW3GHNOEAZ6NTTW X-MailFrom: douglas.mcilroy@dartmouth.edu X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.6b1 Precedence: list Subject: [TUHS] early unix rand List-Id: The Unix Heritage Society mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --0000000000004b27a30613779aed Content-Type: text/plain; charset="UTF-8" > The author of this routine has been writing > random-number generators for many years and has > never been known to write one that worked. It sounds like Ken to me. Although everybody had his own favorite congruential random number generator, some worse than others, I believe it was Ken who put one in the math library. The very fact that rand existed, regardless of its quality, enabled a lovely exploit. When Ken pioneered password cracking by trying every word in word lists at hand, one of the password files he found plenty of hits in came from Berkeley. He told them and they responded by assigning random passwords to everybody. That was a memorable error. Guessing that the passwords were generated by a simple encoding of the output of rand, Ken promptly broke 100% of the newly "hardened" password file. Doug --0000000000004b27a30613779aed Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
=C2=A0> The author of this routin= e has been writing=C2=A0
>=C2=A0 =C2=A0random-number generator= s for many years and has=C2=A0
>=C2=A0 =C2=A0never been known = to write one that worked.

It sounds like Ken to me= . Although everybody had his
own favorite congruential random num= ber generator,
some worse than others, I believe it was Ken who p= ut
one in the math library.

The very fac= t that rand existed, regardless of its quality,
enabled a lovely = exploit. When Ken pioneered password
cracking by trying every wor= d in word lists at hand, one
of the password files he found plent= y of hits in came from=C2=A0
Berkeley. He told them and they resp= onded by assigning
random passwords to everybody. That was a = memorable
error. Guessing that the passwords were generated by
a simple encoding of the output of rand, Ken promptly=C2=A0
broke 100% of the newly "hardened" password file.=C2=A0
<= div>
Doug
--0000000000004b27a30613779aed--