Re: Password generator for AIX 5.2

From: Tommy Harbo (SP.tommy_at_bitnisse.dk.AM)
Date: 05/18/04

  • Next message: all mail refused: "Re: System call on Solaris 2.8 to retrieve current user's password" 
    Date: Tue, 18 May 2004 21:22:30 +0200

    Iain wrote:
    > toh@bec.dk (Tommy Harbo) wrote in message news:<14f45b08.0403160325.6b5c4c9e@posting.google.com>...
    >
    >>Hi,
    >>
    >>We have been using APG 2.2.3 on AIX 4.3 for more than a year without
    >>any problems, to generate passwords for new users.
    >>
    >>But after recently upgrading AIX to version 5.2, APG is extremely
    >>slow. First time it is runned it only take 0.02 seconds, but then it
    >>takes between 3 and 18 minuttes!!!
    >>
    >>I have tried to recompile it on AIX 5.2 both with gcc 3.3.2 and IBM
    >>Visual age C 6.0, but this dosn't help at all.
    >>
    >>Tommy Harbo
    >
    >
    > Hi Tommy,
    >
    > I'm not famailiar with APG but something in your description rings a
    > bell.
    >
    > I think what might be happening is that APG is detecting the presence
    > of /dev/random and using that for random data to help it generate the
    > password. Under AIX, /dev/random does not create that much data (but
    > it is very high quality - that's the trade-off). Typically when
    > reading from /dev/random you'll be able to read a few kb very quickly,
    > then it gets very slow as it has to wait for more random data to be
    > generated.
    >
    > You can test this hypothesis by running truss and seeing if it does
    > access /dev/random.
    >
    > If this is the problem, you could see if there is a configure flag
    > which tells APG not to use /dev/random. Alternatively, you can avoid
    > creating /dev/random in the first place (can't remember how - try the
    > AIX 5.2 differences guide at www.redbooks.ibm.com). Then it might
    > default to /dev/urandom (which for practical purposes here is just as
    > good) or some other method.
    >
    > I may be completely off the mark, of course.
    >
    > Iain.

    That's it!!!!

    It works perfectly if I use /dev/urandom instead!

    Thanks alot.

    /Tommy Harbo

  • Next message: all mail refused: "Re: System call on Solaris 2.8 to retrieve current user's password"