Perl: programs may take far more entropy than they need, which exhausts it. We found exactly this (Windows)

Weak hashing algorithm

Other than the 32 bit problem, this is probably the weakest link.

What random function it uses

Once a seed is provided, which random number function is it passed to? A poor rand function makes guessing the seed easier. Perl looks for several, usually ending up with drand48. You can see which one it uses with: use Config; print $Config{randfunc}. I don't know how well it works, but the OS X drand48 man page says random(3) is more powerful, while the Linux man page says

The function has not been touched since… oh my, the late 90s. It was moved to util.c but has not been seriously worked on. git blame 132efe8bfb7cd0fb1beb15aaf284e33bf44eb1fa^ pp.c shows the real history; look for S_seed. It could probably use some love. Most other languages have. Seems to be the place to look (now). It evidently used to live in pp.c. Looks like it is saying, but I don't pretend to be up on these things.
U32
Perl_seed(pTHX)
{
    dVAR;
    /*
     * This is really just a quick hack which grabs various garbage
     * values.  It really should be a real hash algorithm which
     * spreads the effect of every input bit onto every output bit,
     * if someone who knows about such things would bother to write it.
     * Might be a good idea to add that function to CORE as well.
     * No numbers below come from careful analysis or anything here,
     * except they are primes and SEED_C1 > 1E6 to get a full-width
     * value from (tv_sec * SEED_C1 + tv_usec).  The multipliers should
     * probably be bigger too.
     */
#if RANDBITS > 16
#  define SEED_C1 1000003
#  define SEED_C4 73819
#else
#  define SEED_C1 25747
#  define SEED_C4 20639
#endif
#define SEED_C2 3
#define SEED_C3 269
#define SEED_C5 26107

#ifndef PERL_NO_DEV_RANDOM
    int fd;
#endif
    U32 u;
#ifdef VMS
#  include <starlet.h>
    /* when[] = (low 32 bits, high 32 bits) of time since epoch
     * in 100-ns units, typically incremented ever 10 ms.        */
    unsigned int when[2];
#else
#  ifdef HAS_GETTIMEOFDAY
    struct timeval when;
#  else
    Time_t when;
#  endif
#endif

/* This test is an escape hatch, this symbol isn't set by Configure. */
#ifndef PERL_NO_DEV_RANDOM
#  ifndef PERL_RANDOM_DEVICE
    /* /dev/random isn't used by default because reads from it will block
     * if there isn't enough entropy available.  You can compile with
     * PERL_RANDOM_DEVICE to it if you'd prefer Perl to block until there
     * is enough real entropy to fill the seed. */
#    define PERL_RANDOM_DEVICE "/dev/urandom"
#  endif
    fd = PerlLIO_open(PERL_RANDOM_DEVICE, 0);
    if (fd != -1) {
        if (PerlLIO_read(fd, (void*)&u, sizeof u) != sizeof u)
            u = 0;
        PerlLIO_close(fd);
        if (u)
            return u;
    }
#endif

#ifdef VMS
    _ckvmssts(sys$gettim(when));
    u = (U32)SEED_C1 * when[0] + (U32)SEED_C2 * when[1];
#else
#  ifdef HAS_GETTIMEOFDAY
    PerlProc_gettimeofday(&when,NULL);
    u = (U32)SEED_C1 * when.tv_sec + (U32)SEED_C2 * when.tv_usec;
#  else
    (void)time(&when);
    u = (U32)SEED_C1 * when;
#  endif
#endif
    u += SEED_C3 * (U32)PerlProc_getpid();
    u += SEED_C4 * (U32)PTR2UV(PL_stack_sp);
#ifndef PLAN9           /* XXX Plan9 assembler chokes on this; fix needed  */
    u += SEED_C5 * (U32)PTR2UV(&when);
#endif
    return u;
}
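
The comment in Perl_seed() asks for a hash that spreads every input bit onto every output bit. As an added example (not part of the original answer or of the Perl source), this C program models the fallback arithmetic with the RANDBITS > 16 constants and counts how many output bits change per flipped input bit, next to a MurmurHash3-finalizer fold used purely as a comparison. `SAMPLE`, `fmix_fold`, `flip_diff` and `avalanche_total` are names invented for this illustration, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*mix_fn)(const uint32_t in[5]);
/* Perl_seed() multipliers (RANDBITS > 16): tv_sec, tv_usec, pid, stack ptr, &when. */
static const uint32_t SEED_MULT[5] = {1000003u, 3u, 269u, 73819u, 26107u};
/* Constructed sample inputs, not captured from a real process. */
static const uint32_t SAMPLE[5] = {1700000000u, 123456u, 4242u, 0xffffd5c0u, 0xffffd5a8u};

/* Fallback path of Perl_seed(): a weighted sum modulo 2^32. */
uint32_t perl_fallback_mix(const uint32_t in[5]) {
    uint32_t u = 0;
    for (int i = 0; i < 5; i++) u += SEED_MULT[i] * in[i];
    return u;
}

/* Comparison only, not Perl code: fold words through the MurmurHash3 finalizer. */
uint32_t fmix_fold(const uint32_t in[5]) {
    uint32_t h = 0;
    for (int i = 0; i < 5; i++) {
        h ^= in[i];   h ^= h >> 16;  h *= 0x85ebca6bu;
        h ^= h >> 13; h *= 0xc2b2ae35u; h ^= h >> 16;
    }
    return h;
}

/* Output bits that change when bit `bit` of input word `word` is flipped. */
uint32_t flip_diff(mix_fn f, const uint32_t in[5], int word, int bit) {
    uint32_t alt[5] = {in[0], in[1], in[2], in[3], in[4]};
    alt[word] ^= (uint32_t)1 << bit;
    return f(in) ^ f(alt);
}

/* Changed output bits over all 160 one-bit flips (a good mixer gives ~2560).
 * *local stays 1 only if flipping input bit b never touched an output bit below b. */
int avalanche_total(mix_fn f, const uint32_t in[5], int *local) {
    int total = 0;
    *local = 1;
    for (int k = 0; k < 160; k++) {
        uint32_t d = flip_diff(f, in, k / 32, k % 32);
        if (d & (((uint32_t)1 << (k % 32)) - 1)) *local = 0;
        for (; d; d &= d - 1) total++;   /* popcount */
    }
    return total;
}

int main(void) {
    int lp, lm, p = avalanche_total(perl_fallback_mix, SAMPLE, &lp);
    int m = avalanche_total(fmix_fold, SAMPLE, &lm);
    printf("Perl_seed mix: %.1f bits/flip, low bits isolated=%d\n", p / 160.0, lp);
    printf("fmix fold:     %.1f bits/flip, low bits isolated=%d\n", m / 160.0, lm);
}
```

Because the fallback is a sum of products modulo 2^32, output bit k depends only on input bits 0 through k, so the high bits of the timestamp, PID and addresses never reach the low bits of the seed.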