2718.us blog » password http://2718.us/blog Miscellaneous Technological Geekery Tue, 18 May 2010 02:42:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.4 A New Trick for When the OS X Screensaver Password Window Hangs http://2718.us/blog/2009/05/19/a-new-trick-for-when-the-os-x-screensaver-password-window-hangs/ http://2718.us/blog/2009/05/19/a-new-trick-for-when-the-os-x-screensaver-password-window-hangs/#comments Wed, 20 May 2009 03:38:35 +0000 2718.us http://2718.us/blog/?p=148 I have multiple computers, so I can easily ssh into my desktop when the screensaver password is hanging and won’t let me log in.

The not-so-new trick has been to use AppleScript on the command line to not-so-harshly close some applications (run osascript, then tell application "program name" to quit, followed by ctrl-D (EOF).

The new trick is to sudo kill SecurityAgent, sudo run SecurityAgent, put the machine to sleep, then wake it back up (necessary to get SecurityAgent to put up a new password window).

]]>
http://2718.us/blog/2009/05/19/a-new-trick-for-when-the-os-x-screensaver-password-window-hangs/feed/ 0
A Variety of Issues with Pseudo-Random Numbers in PHP http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/ http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/#comments Mon, 01 Sep 2008 01:10:22 +0000 2718.us http://2718.us/blog/?p=106 It appears that there are now demonstrated exploits of PHP apps that use mt_rand() and/or rand() as a result of issues of seeding in one application affecting the PRNG stream in another application that used the PRNG to generate passwords or similar such things.  From mt_srand and not so random numbers:

… it is strongly recommended for the PHP developers to add more secure random number functions to the PHP core and it is strongly recommended for PHP application developers to keep their fingers away from srand() or mt_srand() and to never ever use rand() or mt_rand() for cryptographic secrets.

It sounds like the PRNGs in PHP, mt_rand() and rand(), shouldn’t be used for anything security-related, and perhaps /dev/random or /dev/srandom or some such should be used instead (though this is much more system-dependent).

]]>
http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/feed/ 0