Hi,

After reading and trying to work around bug #88831 (http://bugs.gentoo.org/show_bug.cgi?id=88831), I realized that the automatic generation of passwords and the like is done using just the $RANDOM bash function, which is pretty weak (besides that, when wrongly used, it can cause some overhead).

I worked out a simplistic crypto.eclass that implements the following functions:

get_random_string_seed5():
    Generates a random string (33 bytes) using a simplistic seeding method with 5 salts. It uses the $RNGDEVICE (pseudo-)random number generator device to gather entropy, and MD5 to calculate pseudo-random sums/hashes that are used for calculating the final MD5 sum/hash, that is, the (pseudo-)random string to be used in the end (i.e. for generating a random password value to be used in automatically created configuration or installation files). The seeds (1, 2, 3, 4, 5) are, respectively, 1000, 10, 1000, 50 and 1000 bytes long.

get_random_string_seed1():
    Same as get_random_string_seed5() but using only 1 seed. Good if we want to avoid entropy pool exhaustion in certain cases. The single seed is 1000 bytes long. No parameters.

get_random_string_int_md5():
    Uses the $RANDOM internal Bash function, which returns a pseudo-random integer in the range 0 - 32767, 4 times to get (usually) 19-21 bytes of pseudo-random data (e.g. 1626436901920922388), then generates an MD5 sum/hash. No parameters.

get_random_string_int():
    Same as get_random_string_int_md5() but without generating an MD5 sum/hash of the obtained pseudo-random data. No parameters.

Also, any crypto-related function should go inside such an eclass instead of placing the same code in every ebuild requiring the same or a similar operation; that is, we must reuse code as much as possible and provide stronger solutions.

The eclass can be found at:

    http://pearls.tuxedo-es.org/gentoo/crypto.eclass

To test it, you can use:

    http://pearls.tuxedo-es.org/gentoo/test-crypto-eclass.sh

Currently, the ebuilds that may benefit from this eclass directly are:

    dev-db/phpmyadmin
    net-mail/gnubiff
    sys-libs/nss-mysql
    mail-filter/dspam

There's currently a possible problem regarding collisions in the ebuild(s):

    net-irc/irc-server

at:

    IRCUID=$RANDOM

$RANDOM can't ensure that the returned integer doesn't represent an existing uid; thus, a new function that checks for an existing uid before setting the value of the randomly generated integer might be good to handle these cases.

The list was provided by Elfyn (thanks!):

    http://dev.gentoo.org/~beu/bash-RANDOM-utilising-ebuild.txt

Thanks in advance,
Cheers.

--
Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]>

--
gentoo-dev@gentoo.org mailing list
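The uid check proposed in the post for `IRCUID=$RANDOM`, sketched as an added example that is not part of the original message or of crypto.eclass. The function names (`rand_u32`, `rand_range`, `uid_taken`, `pick_free_uid`), the `/dev/urandom` default for `$RNGDEVICE`, and the sample passwd lines are assumptions made for illustration.

```shell
# RNGDEVICE is the variable named in the post; the default path is an assumption.
RNGDEVICE="${RNGDEVICE:-/dev/urandom}"

# rand_u32: print one unsigned 32-bit integer read from $RNGDEVICE.
rand_u32() { od -An -N4 -tu4 "$RNGDEVICE" | tr -d ' \n'; }

# rand_range MIN MAX: uniform integer in [MIN, MAX]; rejection sampling
# discards draws that would make the modulo favour low values.
rand_range() (
    min=$1; max=$2
    span=$((max - min + 1))
    limit=$((4294967296 / span * span))
    while :; do
        r=$(rand_u32)
        [ -n "$r" ] || exit 1          # RNG device unreadable
        [ "$r" -lt "$limit" ] && break
    done
    echo $((min + r % span))
)

# uid_taken PASSWD_FILE UID: succeed if UID is field 3 of any line.
uid_taken() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# pick_free_uid PASSWD_FILE MIN MAX: start at a random offset, probe the
# range once, print the first unused UID; fail if the range is full.
pick_free_uid() (
    file=$1; min=$2; max=$3
    span=$((max - min + 1))
    start=$(rand_range 0 $((span - 1))) || exit 1
    i=0
    while [ "$i" -lt "$span" ]; do
        cand=$((min + (start + i) % span))
        if ! uid_taken "$file" "$cand"; then echo "$cand"; exit 0; fi
        i=$((i + 1))
    done
    exit 1
)

# Constructed sample passwd data (not from a real system): only 1002 is free.
sample=$(mktemp)
printf '%s\n' 'ircd:x:1000:1000::/:/bin/false' 'alice:x:1001:1001::/:/bin/sh' \
    'bob:x:1003:1003::/:/bin/sh' > "$sample"
IRCUID=$(pick_free_uid "$sample" 1000 1003) && echo "IRCUID=$IRCUID"
rm -f "$sample"
```

On a real system the passwd data would come from `getent passwd`, so that accounts from directory services are included. The check and the later account creation are not atomic, so the creation step must still handle a "uid in use" failure.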