[TUHS] early unix rand

Paul Winalski paul.winalski at gmail.com
Wed Mar 13 02:23:37 AEST 2024


On 3/12/24, Douglas McIlroy <douglas.mcilroy at dartmouth.edu> wrote:
>
> That was a memorable
> error. Guessing that the passwords were generated by
> a simple encoding of the output of rand, Ken promptly
> broke 100% of the newly "hardened" password file.

To do that wouldn't you need to know the seed value that was used?  Or
did this version of rand() always generate the same sequence of
pseudo-random numbers?

One problem with random password generation is to avoid generating
passwords that are or contain naughty words.  VAX/VMS version 4.0
added an option for random password generation.  They had a very
extensive list of naughty words in many different languages to filter
the random passwords.  During beta test they got a bug report from a
high school.  The naughty words text file was world-readable and
students were amusing themselves by reading it.  At release the file
was protected so that only privileged users could read it.

-Paul W.

