A New Trick for When the OS X Screensaver Password Window Hangs

2718.us — Wed, 20 May 2009 03:38:35 +0000

I have multiple computers, so I can easily ssh into my desktop when the screensaver password is hanging and won’t let me log in.

The not-so-new trick has been to use AppleScript on the command line to not-so-harshly close some applications (run osascript, then tell application "program name" to quit, followed by ctrl-D (EOF).

The new trick is to sudo kill SecurityAgent, sudo run SecurityAgent, put the machine to sleep, then wake it back up (necessary to get SecurityAgent to put up a new password window).

A Variety of Issues with Pseudo-Random Numbers in PHP

2718.us — Mon, 01 Sep 2008 01:10:22 +0000

It appears that there are now demonstrated exploits of PHP apps that use mt_rand() and/or rand() as a result of issues of seeding in one application affecting the PRNG stream in another application that used the PRNG to generate passwords or similar such things. From mt_srand and not so random numbers:

… it is strongly recommended for the PHP developers to add more secure random number functions to the PHP core and it is strongly recommended for PHP application developers to keep their fingers away from srand() or mt_srand() and to never ever use rand() or mt_rand() for cryptographic secrets.

It sounds like the PRNGs in PHP, mt_rand() and rand(), shouldn’t be used for anything security-related, and perhaps /dev/random or /dev/srandom or some such should be used instead (though this is much more system-dependent).

2718.us blog » password

A New Trick for When the OS X Screensaver Password Window Hangs

A Variety of Issues with Pseudo-Random Numbers in PHP