Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: Random password widgets may not be random' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Random password widgets may not be random
Authored by: grikdog on Sep 02, '05 10:21:00AM
It should be reading from /dev/rand -- Mac OS X 10.2 and up uses Yarrow to drive its rand device, so input from there is "virtually" (i.e., perfectly for all practical purposes) random. Even if entropy fades, as I understand it, the algorithm simply begins emulating a PRNG which has been seeded with a very large random key.

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: ekc on Sep 02, '05 03:43:48PM
I think it's actually /dev/random you want to be reading, but I second what you're saying. Pseudo-random number generators like Math.random() were never meant for cryptography. You want a nice, non-reproduceable data source feeding your password generator, and /dev/random is probably about as close as you can get without sampling white noise.

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: KenaiTheMacFan on Sep 11, '05 05:40:43PM

What is Yarrow?

---
Ian



[ Reply to This | # ]