A strange function behaviour in random password generator

A strange function behaviour in random password generator

[nix]

Hi, I have just coded a random password generator. It works good but one
might want to show me how to do it with rand48() as it´s output is
strange.

The problem:

./random_pass.sh
iNkiuG
iNkiuG6K

6 first chars are the same for both passwords.

The question:

How to fix the above problem without redefining the same function inside a
loop and calling it again?

[CODE]

#!/bin/zsh

zmodload zsh/terminfo
emulate zsh

function random () {

local length=$1

[ -z "$length" ] && { echo "Error: lenght" ; exit 0 }

if [[ $length != <-> ]] ; then
echo "Error: lenght is non-numeric" ; exit 0
fi

seeds="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
seeds_count="${#seeds}"

z="0"
local password=""
local variable=inside

until [ $z -eq $length ] ; do

pos=$((RANDOM%$seeds_count+1))
password+=$(echo $seeds[$pos])
let "z++"

done

echo -n $password
}

MY_RCON=$(random 6)

echo $MY_RCON

MY_PASS=$(random 8)

echo $MY_PASS

Re: A strange function behaviour in random password generator

[Mikael Magnusson]

On 6 December 2010 14:15,  <nix@myproxylists.com> wrote:
> Hi, I have just coded a random password generator. It works good but one
> might want to show me how to do it with rand48() as it愀 output is
> strange.
>
> The problem:
>
> ./random_pass.sh
> iNkiuG
> iNkiuG6K
>
> 6 first chars are the same for both passwords.

> [...]

> pos=$((RANDOM%$seeds_count+1))
> MY_RCON=$(random 6)
> MY_PASS=$(random 8)

If you access $RANDOM in a subshell, the parent shell doesn't know
about it, and next time it forks a subshell the state will be
identical.

-- 
Mikael Magnusson

Re: A strange function behaviour in random password generator

[Peter Stephenson]

On Mon, 6 Dec 2010 14:39:41 +0100
Mikael Magnusson <mikachu@gmail.com> wrote:
> On 6 December 2010 14:15,  <nix@myproxylists.com> wrote:
> > Hi, I have just coded a random password generator. It works good
> > but one might want to show me how to do it with rand48() as its
> > output is strange.
> >
> > The problem:
> >
> > ./random_pass.sh
> > iNkiuG
> > iNkiuG6K
> >
> > 6 first chars are the same for both passwords.
>
> > [...]
>
> > pos=$((RANDOM%$seeds_count+1))
> > MY_RCON=$(random 6)
> > MY_PASS=$(random 8)
>
> If you access $RANDOM in a subshell, the parent shell doesn't know
> about it, and next time it forks a subshell the state will be
> identical.

That's what the seed argument for rand48 is for.  Here's a function that
creates a seed in a file and always uses that file.  The new random number
is in $REPLY.  There are all sorts of possible improvements.

rand48() {
  local sfile=~/.zsh_rand48
  zmodload -i zsh/mathfunc

  if [[ ! -f $sfile ]]; then
    touch $sfile
    chmod 600 $sfile
    # Warning: this is not very random.
    # OK for pseudorandom statistics, bad for security.
    printf "%.4x%.4x%.4x\n" $RANDOM $RANDOM $RANDOM >$sfile
  fi

  local seed="$(<$sfile)"

  typeset -g REPLY=$(( rand48(seed) ))

  print $seed >$sfile
}


-- 
Peter Stephenson <pws@csr.com>            Software Engineer
Tel: +44 (0)1223 692070                   Cambridge Silicon Radio Limited
Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, UK


Member of the CSR plc group of companies. CSR plc registered in England and Wales, registered number 4187346, registered office Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom

Re: A strange function behaviour in random password generator

[PJ Weisberg]

On Mon, Dec 6, 2010 at 5:15 AM,  <nix@myproxylists.com> wrote:
> Hi, I have just coded a random password generator. It works good but one
> might want to show me how to do it with rand48() as it愀 output is
> strange.

The fundamental problem is that you're writing your own security code,
which is almost always a terrible idea.

Re: A strange function behaviour in random password generator

[nix]

> On Mon, 6 Dec 2010 14:39:41 +0100
> Mikael Magnusson <mikachu@gmail.com> wrote:
>> On 6 December 2010 14:15,  <nix@myproxylists.com> wrote:
>> > Hi, I have just coded a random password generator. It works good
>> > but one might want to show me how to do it with rand48() as its
>> > output is strange.
>> >
>> > The problem:
>> >
>> > ./random_pass.sh
>> > iNkiuG
>> > iNkiuG6K
>> >
>> > 6 first chars are the same for both passwords.
>>
>> > [...]
>>
>> > pos=$((RANDOM%$seeds_count+1))
>> > MY_RCON=$(random 6)
>> > MY_PASS=$(random 8)
>>
>> If you access $RANDOM in a subshell, the parent shell doesn't know
>> about it, and next time it forks a subshell the state will be
>> identical.
>

Thanks Mikael for pointing it out.

> That's what the seed argument for rand48 is for.  Here's a function that
> creates a seed in a file and always uses that file.  The new random number
> is in $REPLY.  There are all sorts of possible improvements.
>
> rand48() {
>   local sfile=~/.zsh_rand48
>   zmodload -i zsh/mathfunc
>
>   if [[ ! -f $sfile ]]; then
>     touch $sfile
>     chmod 600 $sfile
>     # Warning: this is not very random.
>     # OK for pseudorandom statistics, bad for security.
>     printf "%.4x%.4x%.4x\n" $RANDOM $RANDOM $RANDOM >$sfile
>   fi
>
>   local seed="$(<$sfile)"
>
>   typeset -g REPLY=$(( rand48(seed) ))
>
>   print $seed >$sfile
> }
>
>

I think I could now write the same password generator using rand48() based
on your example but i am afraid I would have to use external commands for
sorting the output.

> --
> Peter Stephenson <pws@csr.com>            Software Engineer
> Tel: +44 (0)1223 692070                   Cambridge Silicon Radio Limited
> Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ,
> UK
>
>
> Member of the CSR plc group of companies. CSR plc registered in England
> and Wales, registered number 4187346, registered office Churchill House,
> Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom
>