improved thread safety?
Andrew Bartlett
abartlet at samba.org
Sun Jan 20 22:08:58 GMT 2008
On Sat, 2008-01-19 at 14:46 -0500, David Collier-Brown wrote:
> > Jelmer Vernooij wrote:
> >>> random
> >>> srandom
> >>
> >>
> >> I'm not sure what to do about these. Are there any better alternatives?
>
> Sun says "Newer and better performing random number generators such as
> addrans() and lcrans() are available" but they're older, solaris-only
> ones. Mac has arc4random(3), and so on...
>
> I suspect you may need to research portable random number routines,
> as used on multiple platforms by folks like Open SSH
The use of random() in Samba4 is numerous, but unimportant. It is used
extensively in the smbtorture suite (where setting the random seed with
srandom(), to obtain a reproducable run, is useful).
It is not used in any location where cryptographicly secure random data
is desirable.
We have a arcfour based PRNG we seed with /dev/urandom at startup, and I
only found 1 place where we actually wanted really, really secret
(rather than just non-repeating) random numbers in Samba's core code
(heimdal has it's own routines).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080121/df31e8dc/attachment.bin
More information about the samba-technical
mailing list