Re: Good random number source in oracle

If it were me, I'd be taking a bunch of values (v$sysstat for example) and getting all mathematical all over the place to derive a seed value.

Example: (this usually evaluates as sledgehammer=crack(nut) btw...):

val0="table scan rows gotten"
val1=val0 * "consistent gets"
val2=val1 mod "table fetch by rowid" and so on...

At some point, seed the random number generator with the value you decide to stop at. Or, if you prefer, just give a few digits of your computed value back and don't bother with Oracle's random number generator.

Obviously, you don't want to go on a mad querying spree just to compute a random password, but you get the general idea.

ps. to find out all about how Oracle does it, check out ?/rdbms/admin/dbmsrand.sql (which isn't even a wrapped package).

"Peter J. Holzer" <hjp_at_enkur.wsr.ac.at> wrote in message news:slrn9e8iid.g2j.hjp_at_enkur.wsr.ac.at...
> I have a stored procedure which generates random passwords. Currently
> dbms_random.initialize is called with a value computed from sysdate.
> Of course this isn't very random, so if somebody knows the algorithm and
> the (approximate) time when a password was created, he can easily
> compute the password. So I am looking for values which can be used as
> "real" random number sources, I.e. values which change often and cannot
> be guessed with sufficient accuracy from the outside. Things like number
> of sessions, bytes read or written since last startup, etc.
>
> Any suggestions? (Apart from using dbms_pipe to call a script which
> reads /dev/random - I am aware of that possibility).
>
> Also I am interested in the internal workings of the dbms_random package
> (what kind of RNG it uses, etc.) Any pointers would be appreciated.
>
> hp
>
> --
> _ | Peter J. Holzer | It's nice to fix problems by accident.
> |_|_) | Sysadmin WSR / LUGA | -- Theo de Raadt
> | | | hjp_at_wsr.ac.at | <deraadt_at_CVS.OPENBSD.ORG>
> __/ | http://www.hjp.at/ | on bugtraq 2001-03-19
Received on Mon Apr 23 2001 - 11:44:18 CDT