One Time Passwords via an SMS Gateway with BIG-IP Access Policy Manager
Published Feb 08, 2011
Version 1.0Was this article helpful?
"The generator algorithm is a simple linear congruential generator that is not cryptographically secure. Each result from rand completely determines all future results from subsequent calls to rand, so rand should not be used to generate a sequence of secrets, such as one-time passwords. The seed of the generator is initialized from the internal clock of the machine or may be set with the srand function." http://www.tcl.tk/man/tcl8.4/TclCmd/expr.htmM38
The article below mentions both the AES::key option and also the CRYPTO::keygen function (in 11.1) as ways to generate a more random and secure value.
https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/39/aft/2161610/showtab/groupforums/Default.aspx2261273