Re: [gdm-list] Security?

From: "Ray Strode" <halfline gmail com>
To: "Jiri Lebl" <jirka 5z com>
Cc: gdm-list gnome org
Subject: Re: [gdm-list] Security?
Date: Fri, 30 Nov 2007 22:45:04 -0500

Hi,

> >> If it isn't clear (it seems like it's not from your responses) I'm not
> >> tied to the g_rand_* apis at all, though.  I'm in the process of
> >> rewriting the code to use /dev/urandom.
> > I just commtted this patch to subversion:
> >
> > http://www.gnome.org/~halfline/urandom.patch
>
> There is no fallback if /dev/urandom is not available?
What fallbacks guarantee enough entropy to be comparable?

- pid and current time are usually sequential and easy to guess

if a platform someone cares about doesn't support /dev/urandom we'll
have to fix GDM to use a different prescribed mechanism for that
platform.  This is where having a suitable api in glib would really
shine...

--Ray

Follow-Ups:
- Re: [gdm-list] Security?
  - From: Jiri Lebl

References:
- Re: [gdm-list] Security?
  - From: Jiri Lebl

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]