Nov 06 2021
 

Someone asked me about this – a zsh function which I use to generate random passwords :-

✓ mike@pica» rpass noise
oOg6vsM+V0It4he6US4Xk6DuZPja9okyOpQyUCfW6NQ=
✓ mike@pica» rpass words
patternmaker+meio+tubicolous+misbelievingly

It’s too small and simple for me to classify as “open source” but there’s no harm in sharing the function :-

✓ mike@pica» which rpass
rpass () {
	case "$1" in
		("noise") dd if=/dev/random bs=1 count=32 status=none | base64 -i ;;
		("words") punct=("," "." "<" ">" "/" ";" ":" "-" "+" "=") 
			onep=${punct[$(($RANDOM % ${#punct[@]} + 1 ))]} 
			w1=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			w2=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			w3=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			w4=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			echo "${w1}${onep}${w2}${onep}${w3}${onep}${w4}" ;;
		(*) echo "$1 not understood" ;;
	esac
}

This is just a simple zsh function with all sorts of little “issues” – not least of which is that it could at least say “$1 not understood – try ‘words’ or ‘noise’”.
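The separator in rpass words is picked with $RANDOM, which is the shell's own PRNG rather than the kernel generator, and a plain "% N" slightly favours some results. As an added example (not the author's function; the names rand_below, passphrase and entropy_bits and the small word list are assumptions made here), this POSIX sh version takes every choice from /dev/urandom with rejection sampling and reports how many bits of entropy those choices carry:

```sh
#!/bin/sh
# Added example (not the original rpass): every random choice comes from
# /dev/urandom. Function names and the demo word list are assumptions.

PUNCT=',.<>/;:-+='   # the same ten separators rpass uses

# rand_below N: uniform integer in [0, N), 1 <= N <= 2^32. Draws 32 bits and
# rejects the final partial block, so "r % N" does not favour small results.
rand_below() (
    limit=$(( 4294967296 - 4294967296 % $1 ))
    while :; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        [ -n "$r" ] || exit 1              # no random source: fail, do not loop
        [ "$r" -lt "$limit" ] && break
    done
    echo $(( r % $1 ))
)

# passphrase [COUNT] [WORDFILE]: COUNT words joined by one random separator.
# Possessive entries are skipped rather than truncated, so no base word is
# counted twice.
passphrase() (
    count=${1:-4} words=${2:-/usr/share/dict/words}
    total=$(grep -c -v "'" "$words") || exit 1
    k=$(rand_below ${#PUNCT}) || exit 1
    sep=$(printf '%s' "$PUNCT" | cut -c "$(( k + 1 ))")
    out='' i=0
    while [ "$i" -lt "$count" ]; do
        k=$(rand_below "$total") || exit 1
        w=$(grep -v "'" "$words" | sed -n "$(( k + 1 ))p")
        out="${out:+$out$sep}$w"
        i=$(( i + 1 ))
    done
    printf '%s\n' "$out"
)

# entropy_bits COUNT WORDFILE: log2 of the number of equally likely choices.
entropy_bits() {
    awk -v n="$(grep -c -v "'" "$2")" -v k="$1" -v p="${#PUNCT}" \
        'BEGIN { printf "%.1f\n", (k * log(n) + log(p)) / log(2) }'
}

# Constructed nine-line word list (eight usable words) so this runs offline.
demo_words=$(mktemp)
printf '%s\n' amber basalt cobalt dune ember fjord garnet "harbor's" heron > "$demo_words"
passphrase 4 "$demo_words"
entropy_bits 4 "$demo_words"     # 4 * log2(8) + log2(10)
```

With no file argument, passphrase 4 reads /usr/share/dict/words, and entropy_bits 4 /usr/share/dict/words gives the figure for that list.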

Jan 19 2017
 

Entropy.

Any serious cryptographic routine needs a good source of random numbers, and whilst Linux provides a random number generator by default its sources of entropy can be somewhat limited. Especially when you’re talking about a virtual machine.

Indeed if you try to pull too much randomness out of the Linux entropy pool (particularly when it is already limited), what you get might not be quite as random as you expect.

Which is where hardware randomness generators come in. And I finally have one (actually two), and have hooked them up. You may be able to guess what time I plugged it in from the graph below :-

So what real world difference does it make?

Well nothing is dramatically obvious, but :-

  1. I have slightly more confidence that any cryptographic software I might run has a good source of randomness and is less likely to accidentally perform poorly (in terms of cryptographic strength).
  2. Some cryptographic software blocks if the Linux entropy pool is empty; with a hardware source I can be more confident that any performance issues are not due to a lack of randomness.

Mar 25 2016
 

Recently I have been seeing quite a lot of usage of random.org (to pick out winners of various kinds of competitions; and no I’m not a winner). The documentation on that site is reasonable with regard to pseudo-random number generators but is not quite correct with regard to the source of random numbers under Linux. And for non-cryptographic uses, the following is fine.

The use of random.org momentarily made me wonder how I would do the equivalent at the Unix (or Linux) command-line, and having used the command before, the shuf command came to mind. To be honest shuffling is not what I think of as randomisation given how bad I am at shuffling cards, but despite the name, shuf does pretty well at randomising things :-

» seq 1 10 | shuf
4
5
8
7
2
1
10
9
6
3

The seq command generates a sequence from 1-10 as given. It turns out that shuf can do it itself :-

» shuf -i 1-10
7
3
5
6
9
10
8
1
4
2

The most common (relatively) use I have for shuf is to pick out a random line or two from a file. By using the -n option, shuf can do this. The following example makes use of an example file which contains a small number of first names :-

» shuf -n 1 first-names 
Julian
» shuf -n 1 first-names
Ian
» shuf -n 1 first-names
Craig

If you have just a small selection to make, you can provide the list on the command line with the -e option :-

» shuf -n 1 -e Male Female
Female

And that is pretty much all there is to it – a simple tool that does just one thing well.
