On Sun, Feb 07, 2010 at 08:54:04PM +0100, Otto Moerbeek wrote:
> On Sun, Feb 07, 2010 at 10:42:40PM +0300, Vadim Zhukov wrote:
>
> > On 7 February 2010 c. 21:59:33 Brad Tilley wrote:
> > > I wrote a small cpp application to generate randomish passwords. It
> > > compiles and runs OK on OpenBSD, however, it does not seem to create
> > > random strings (the first and last chars seldom ever change, etc). The
> > > same code compiles and runs on Linux and Windows and *does* produce
> > > randomish strings (no often repeating chars). The source code is small
> > > and is contained in a single file. I placed it here along with
> > > binaries for OpenBSD and Windows:
> > >
> > > http://16systems.com/downloads
> > >
> > > I could be doing something wrong. I've checked the source code several
> > > times but nothing obvious stands out. I'll try a gcc compiler from
> > > ports tomorrow to see if that makes a difference. Until then, I
> > > thought I'd post to tech. Can anyone tell if I've made an error in the
> > > source code?
> >
> > Yes, there is an error. Use random(3), as suggested in rand(3).
>
> That is still wrong for this purpose. Although random(3) is a better
> random number generator than rand, it is still a cryptographically weak
> generator.

Correction to myself: if you seed it with randomdev(), it might be good enough.

>
> Better use arc4random()

That still applies, simple and no seeding considerations.

>
> 	-Otto