Fix PRNG seeding to resist guessing
We seed it with value of time(). It's the traditional way, but it
provides only a few bits of effective entropy when an attacker has a
rough idea when the program started.
Instead, seed with a kernel random number. If we can't get one, fall
back to a hash of gettimeofday() and getpid(). This should happen
only on old systems or Windows. Far worse than a kernel random
number, but far better than using time().
Note that fairland used to seed with time() + getpid() until commit 331aac2a (v4.2.20) dropped the getpid(), claiming it didn't improve
the randomness. Perhaps it didn't under Windows then, but it
certainly did elsewhere, so it was a regression.
This commit is contained in:
parent
39c26f4238
commit
9102ecce54
4 changed files with 68 additions and 2 deletions
|
@ -179,9 +179,10 @@ main(int argc, char *argv[])
|
|||
int opt;
|
||||
char *config_file = NULL;
|
||||
int i = 0;
|
||||
int seed_set = 0;
|
||||
|
||||
program_name = argv[0];
|
||||
rnd_seed = time(NULL);
|
||||
rnd_seed = 0;
|
||||
|
||||
while ((opt = getopt(argc, argv, "ae:hioqR:s:v")) != EOF) {
|
||||
switch (opt) {
|
||||
|
@ -202,6 +203,7 @@ main(int argc, char *argv[])
|
|||
break;
|
||||
case 'R':
|
||||
rnd_seed = strtoul(optarg, NULL, 10);
|
||||
seed_set = 1;
|
||||
break;
|
||||
case 's':
|
||||
outfile = optarg;
|
||||
|
@ -219,6 +221,8 @@ main(int argc, char *argv[])
|
|||
}
|
||||
parse_args(argc - optind, argv + optind);
|
||||
|
||||
if (!seed_set)
|
||||
rnd_seed = pick_seed();
|
||||
seed_prng(rnd_seed);
|
||||
empfile_init();
|
||||
if (emp_config(config_file) < 0)
|
||||
|
|
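Review bot: With `seed_set = 1` now set unconditionally in the `-R` case, a malformed argument such as `-R abc` is silently accepted: the pre-existing `strtoul(optarg, NULL, 10)` yields 0 (or ULONG_MAX on overflow) and the new `if (!seed_set)` guard then skips `pick_seed()`, so the run proceeds with a seed the user never asked for and no diagnostic. Parse with an end pointer and errno instead, e.g. `char *end; errno = 0; rnd_seed = strtoul(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || errno == ERANGE)` reporting a usage error and exiting (needs `<errno.h>`), and only then set `seed_set = 1`. A short comment above the new `if (!seed_set)` would also help readers, e.g. `/* no -R given: seed from the kernel RNG, time/pid hash as fallback */`. main() begins and continues outside these hunks, so whether the chosen seed is echoed anywhere for reproducibility cannot be checked here.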