Re: [Libguestfs] [libguestfs] make_random_password(): avoid modulo bias, and do not deplete system entropy (#9)

Following the link to builder.ml from your blogpost I noticed the make_random_password () function, and I have some suggestions, well nitpicks really. See the 2 commits from this pull request. 1. Using Ocaml's buffered I/O means that one make_random_password() call reads 64k bytes from /dev/urandom which drops the system's entropy to minimum ~128 bits. The fix is to use unbuffered I/O from the Unix module. 2. There is a modulo bias when generating the random password: [0,256) mod 60 won't give you uniformly distributed bytes. In this particular case it probably doesn't matter, but you never know when someone copy+pastes your code into their project thinking this is a proper way to generate random passwords, so IMHO its best to avoid the modulo bias. See here for more details: http://eternallyconfuzzled.com/arts/jsw_art_rand.aspx And see arc4random_uniform's implementation: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/arc4random.c?rev... 3. The generated password needs ~2^107 brute-force attempts (16 * log2(60) + log2(default_rounds=5000)), which is more than enough of course, but usually 128-bit strength is used for keys. A password length of 20 characters would achieve that. My pull request doesn't include this change, its up to you. You can merge this Pull Request by running: git pull https://github.com/edwintorok/libguestfs make_random_password-fixes Or you can view, comment on it, or merge it online at: https://github.com/libguestfs/libguestfs/pull/9 -- Commit Summary -- * Do not use buffered reads on /dev/urandom * Avoid modulo bias in random password generation -- File Changes -- M builder/builder.ml (22) -- Patch Links -- https://github.com/libguestfs/libguestfs/pull/9.patch https://github.com/libguestfs/libguestfs/pull/9.diff