Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src/sbin/newfs
David Laight <david%l8s.co.uk@localhost> writes:
> > > Log Message:
> > > Randomise di_igen for the first 2 blocks of inodes for non-UFS2
> > > filesystems.
> > > Randomise di_igen for "/" (and lost+found) for UFS2 filesystems.
> >
> > Am I correct in stating you are using random() for this!? random() is
> > not even remotely secure enough for a security critical purpose. Its a
> > linear congruential generator, and not even a good one.
>
> I'm just a bug-fixing monkey here...
> However fsirand only uses random() anyway, but does remember to do srandom()
> for what actual good it does!
>
> Maybe arc4random() could be used instead?
I'm not a huge believer in arc4random(), but it would be a strict (and
indeed substantial) improvement over a linear congruential generator,
yes. I would suggest making the alteration, and in the longer run we
should discuss improved algorithms.
Perry
--
Perry E. Metzger perry%piermont.com@localhost
Home |
Main Index |
Thread Index |
Old Index