Bulat Ziganshin
Hello Bit,
Wednesday, October 29, 2008, 4:32:51 PM, you wrote:
It's a good idea to salt your passwords before hashing, though. See What can be used for generating a random salt? Is System.Random secure enough?
if you use mkStdRNG it's good enough for non high-secure programs. it inits rnd generator with current time upo to picoseconds (if your OS provides such granularity). you can add a bit f security by reading a few bytes from /dev/urandom and passing these to mkStdRNG
...or by pinging a random host and taking the time difference, checking the current cpu temperature and fan speed, counting how many times your process gets suspended in a certain amount of time, taking a picture of a lava lamp and hashing it, booting windows, not doing anything, and measure the time it takes to crash, hashing a snapshot of the slashdot frontpage, and, last, but not least, measuring the amount of spam per second currently swooshing into your mail account. -- (c) this sig last receiving data processing entity. Inspect headers for copyright history. All rights reserved. Copying, hiring, renting, performance and/or quoting of this signature prohibited.