[PATCH v3] Seed random generator in main()
abartlet at samba.org
Wed Jun 17 03:15:17 MDT 2015
On Wed, 2015-06-17 at 08:15 +0200, Volker Lendecke wrote:
> On Wed, Jun 17, 2015 at 05:11:37PM +1200, Andrew Bartlett wrote:
> > In other parts of Samba we just use the generate_random() function,
> > which avoids needing to think about all this. We have cryptographic
> > random numbers in Samba, we can just use those for this.
> > We set up a PRNG using MD4 over a RC4 stream from 40 bytes of random
> > data. It isn't the best, but it avoids the bad pattern of using
> > srandom() et al, which will just trigger folks either re-using in more
> > important places or alternately writing to us with 'security' warnings
> > about using it.
> So you're suggesting to only ever use the
> generate_random_buffer() always?
I think so. I realise there is a difference between random for
shuffling and random for other purposes, but it seems easier to just
stick to the better random numbers outside smbtorture.
Despite how I expressed it above, I don't feel very strongly about it
however, and I'm willing to be convinced otherwise. CTDB seems to use
random() a lot, presumably for similar shuffling.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
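The approach discussed in this thread (filling a buffer from a cryptographic random source instead of calling srandom()/random(), even for shuffling), as an added example that is not part of the original message or Samba's code. `fill_random()` is a hypothetical stand-in that reads /dev/urandom, and the other function names are illustrative as well.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a buffer-filling CSPRNG call like the
 * generate_random_buffer() named in the thread: reads /dev/urandom. */
static int fill_random(uint8_t *out, size_t len)
{
	FILE *f = fopen("/dev/urandom", "rb");
	size_t got = f ? fread(out, 1, len, f) : 0;
	if (f) fclose(f);
	return got == len ? 0 : -1;
}
/* Uniform value in [0, n) by rejection sampling: no modulo bias. */
static int uniform_below(uint32_t n, uint32_t *result)
{
	uint32_t r, limit;
	if (n == 0) return -1;
	limit = UINT32_MAX - (UINT32_MAX % n); /* a multiple of n */
	do {
		if (fill_random((uint8_t *)&r, sizeof(r)) != 0) return -1;
	} while (r >= limit);
	*result = r % n;
	return 0;
}
/* Fisher-Yates shuffle; -1 if the random source fails (no weak-PRNG fallback). */
static int shuffle_ints(int *a, size_t n)
{
	for (size_t i = n; i > 1; i--) {
		uint32_t j;
		if (uniform_below((uint32_t)i, &j) != 0) return -1;
		int tmp = a[i - 1];
		a[i - 1] = a[j];
		a[j] = tmp;
	}
	return 0;
}
/* Shuffle 0..n-1 (n <= 64); return 1 if the result is a permutation. */
static int shuffle_check(size_t n)
{
	int a[64], seen[64] = {0};
	if (n > 64) return 0;
	for (size_t i = 0; i < n; i++) a[i] = (int)i;
	if (shuffle_ints(a, n) != 0) return 0;
	for (size_t i = 0; i < n; i++)
		if (seen[a[i]]++) return 0;
	return 1;
}

int main(void) { return shuffle_check(16) ? 0 : 1; } /* exit 0: still a permutation */
```

Opening /dev/urandom on every call keeps the sketch short; a real caller would keep the descriptor open or use the platform's own CSPRNG interface.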