[PATCH v3] Seed random generator in main()
Simo
simo at samba.org
Wed Jun 17 07:49:31 MDT 2015
On Wed, 2015-06-17 at 15:38 +0200, Volker Lendecke wrote:
> On Wed, Jun 17, 2015 at 09:36:00AM -0400, Simo wrote:
> > On Wed, 2015-06-17 at 08:23 +0200, Volker Lendecke wrote:
> > > On Wed, Jun 17, 2015 at 05:11:37PM +1200, Andrew Bartlett wrote:
> > > > In other parts of Samba we just use the generate_random() function,
> > > > which avoids needing to think about all this. We have cryptographic
> > > > random numbers in Samba, we can just use those for this.
> > > >
> > > > We set up a PRNG using MD4 over a RC4 stream from 40 bytes of random
> > > > data. It isn't the best, but it avoids the bad pattern of using
> > > > srandom() et al, which will just trigger folks either re-using in more
> > > > important places or alternately writing to us with 'security' warnings
> > > > about using it.
> > >
> > > Seen from another angle: The BSD world seems to settle on
> > > the arc4random family of functions. There's a libbsd
> > > replacement on Linux for those. Shouldn't we get rid of our
> > > own random number generator and just use that, possibly with
> > > the libbsd code in libreplace?
> >
> > Why are we not just using urandom ? Why do we want to get in the
> > business of guaranteeing proper random number generation ????
>
> Portability?
krb5 runs on all platforms and uses cryptographically secure PRNGs
(urandom on Linux), perhaps we can use that libraries for random number
generation.
Simo.
--
Simo Sorce
More information about the samba-technical
mailing list