Re: random number stuff



On Fri, 19 Dec 2003, George wrote:

> > > @@ -156,10 +175,31 @@ g_rand_new (void)
> > >    if (!dev_urandom_exists)
> > >      {
> > >        g_get_current_time (&now);
> > > -      seed = now.tv_sec ^ now.tv_usec;
> > > +      seed[0] = now.tv_sec;
> > > +      seed[1] = now.tv_usec;
> > > +      seed[2] = getpid ();
> > > +      seed[3] = getppid ();
> > > +    }
> > > +
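
Review bot: In the `!dev_urandom_exists` branch, all four seed words (`tv_sec`, `tv_usec`, `getpid ()`, `getppid ()`) can be guessed or narrowed down by an observer on the same host. The wider seed reduces collisions between processes started close together but does not make the output unpredictable. A comment on this branch, or in the `g_rand_new` documentation, should say that the result is unsuitable for cookies, tokens or keys. Separately, `seed[2] = getpid ();` and `seed[3] = getppid ();` have no platform guard in the lines shown. If this branch is built on non-Unix targets, `getppid ()` needs a `G_OS_UNIX` guard or a substitute value.
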
> >
> > with array seeding, even if we have /dev/urandom, it wouldn't
> > hurt to add up the secs/usecs unconditionally.

[...]
> This is not to be used for crypto purposes anyway, and if anyone ever uses it
> in a security-critical application, they should be larted with extreme
> prejudice.  (Though xdm used system rand for generating the cookie and in
> some cases used time in seconds for the seed, in that case, using GRand would
> be infinitely better).

i was more thinking in terms of /dev/urandom being buggy, still
having g_get_current_time() then wouldn't hurt, and we'd get it
simply by *removing* an if() statement. but anyways...

> > those items fixed, the patch looks good to me, and i think
> > we should get that in before the freeze.
>
> Attached new patch to the bug

thanks for the new patch, i've applied it now.

>
> George
>

---
ciaoTJ



