Re: genrand_unix problem on Solaris



The point of genrand() is to produce an unpredictable key.

genrand_dev() does this in a very carefully controlled way by
using /dev/random, if the kernel provides that.

genrand_unix() is a poor substitute that uses the theory
of "do lots of stuff in a crazy fashion and maybe it 
will be random".

I don't believe your genrand_lrand48() is unpredictable
at all - pseudo-random generators like that used by
random() and srand48() are 100% predictable as long as
the seed is known.

I don't know how the seed is initialized for random()
on Solaris; on many systems it will be a constant value
like 1.

>  static gboolean
> +genrand_lrand48(guchar *buffer, int buf_len)
> +{
> +#ifdef HAVE_LRAND48
> +#ifndef LRAND48_MAX
> +#define LRAND48_MAX 2147483648.0
> +#endif
> +  int i;
> +  srand48(random());
> +
> +  for(i = 0; i < buf_len; i++)
> +    buffer[i] = (guchar) (lrand48() / (LRAND48_MAX / 256));
> +  return TRUE;
> +#else
> +  return FALSE;
> +#endif
> +}
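
Review bot: the seed in `srand48(random())` comes from random(), and nothing in this hunk calls srandom() first, so the whole buffer is a fixed function of whatever state random() happens to be in, yet the function returns TRUE and the caller will treat the bytes as a usable key. Either seed from a source the caller cannot guess, or return FALSE here so the caller falls through to another generator. Calling srand48() on every invocation also resets the process-wide lrand48() state for any other user of it; a comment documenting that side effect would help.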

I'm not sure what the state-of-the-art for generating an
unpredictable seed on Solaris is. The traditional
random-seed-generation method is to combine the pid and the
time (perhaps from gettimeofday). The degree to which the
tv_usec value from gettimeofday() is unpredictable depends
a lot on details of the system.

You might want to ask around, or take a look at security-related
packages. The operation of generating an unpredictable
key is essential to many security-related tasks.

Regards,

                                        Owen
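
The predictability concern raised in this message, as an added example that is not part of the original e-mail or the quoted patch: it reuses the patch's byte derivation and shows that two processes which never seeded random() derive the same key, next to two reads from the kernel pool. `KEY_LEN`, the helper names and the use of `/dev/urandom` are assumptions of this example; `srandom(1)` models an unseeded process, since POSIX specifies that random() then behaves as if srandom(1) had been called.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LRAND48_MAX 2147483648.0
#define KEY_LEN 16              /* constructed key size for this demo */

/* Byte derivation taken from the quoted patch, with the seed made explicit. */
static void fill_lrand48(long seed, unsigned char *buf, int len)
{
    srand48(seed);
    for (int i = 0; i < len; i++)
        buf[i] = (unsigned char)(lrand48() / (LRAND48_MAX / 256));
}

/* A fresh process: random() acts as if srandom(1) had been called (POSIX). */
static void key_like_patch(unsigned char *buf, int len)
{
    srandom(1);
    fill_lrand48(random(), buf, len);   /* at most 2^31 distinct seeds */
}

/* Returns 1 if two simulated fresh processes derive the same "key". */
int patch_key_repeats(void)
{
    unsigned char a[KEY_LEN], b[KEY_LEN];
    key_like_patch(a, KEY_LEN);
    key_like_patch(b, KEY_LEN);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Contrast: two reads from the kernel pool. 1 if they differ, -1 on I/O error. */
int kernel_keys_differ(void)
{
    unsigned char a[KEY_LEN], b[KEY_LEN];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(a, 1, KEY_LEN, f) + fread(b, 1, KEY_LEN, f);
    fclose(f);
    return n == 2 * KEY_LEN ? memcmp(a, b, KEY_LEN) != 0 : -1;
}

int main(void)
{
    printf("lrand48 keys repeat: %d\n", patch_key_repeats());
    printf("kernel reads differ: %d\n", kernel_keys_differ());
    return 0;
}
```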



