empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
5110 commits 12 branches 77 tags 15 MiB
Commit graph

4 commits

Author SHA1 Message Date
Markus Armbruster
9102ecce54 Fix PRNG seeding to resist guessing 
We seed it with value of time().  It's the traditional way, but it
provides only a few bits of effective entropy when an attacker has a
rough idea when the program started.

Instead, seed with a kernel random number.  If we can't get one, fall
back to a hash of gettimeofday() and getpid().  This should happen
only on old systems or Windows.  Far worse than a kernel random
number, but far better than using time().

Note that fairland used to seed with time() + getpid() until commit
331aac2a (v4.2.20) dropped the getpid(), claiming it didn't improve
the randomness.  Perhaps it didn't under Windows then, but it
certainly did elsewhere, so it was a regression.
 2013-05-08 06:55:21 +02:00
Markus Armbruster
54ddcd0f5a New pct_chance(), for clarity, and symmetry with chance() 2013-05-08 06:55:20 +02:00
Markus Armbruster
866859e912 Encapsulate direct use of random(), srandom() in chance.c 
Wrap roll0() around random(), and seed_prng() around srandom().  In
preparation of replacing the PRNG.
 2013-05-08 06:55:20 +02:00
Markus Armbruster
8eb78a5a80 Move declarations for chance.c to new chance.h 2013-05-08 06:55:20 +02:00