[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: getppid misused as entropy source
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: getppid misused as entropy source
- From: Fabio Olive Leite <fabio_(_dot_)_olive_(_at_)_gmail_(_dot_)_com>
- Date: Wed, 9 Mar 2005 13:53:50 -0300
- Mail-followup-to: tech_(_at_)_openbsd_(_dot_)_org
On Tue, Mar 08, 2005 at 10:14:20PM +0100, Bruno Rohee wrote:
> Well, I looked at the RADIUS RFC and your proposal is at least
> partially wrong.
> The field in the RADIUS request that you proposed to randomize
> is defined as NAS-Port in RFC 2865 and is used to specify which
> port of the device the login requester connect to. One can then
> limit login in his RADIUS configuration to something like people
> connecting only via the modem plugged on the second serial port
> (which number is returned by the ttyslot() code). Your proposed
> change just break that feature for no good reasons.
Oh, I see it now: I saw "auth_port" and immediately thought about
TCP/UDP port, thus I thought ttyslot() was nonsensical, because I
thought the code was just trying to supply a random value. Dumb me,
sorry for the noise.
> But it was not at all a case a getppid() used as a source of entropy
> as you thought.
Thanks for such an elaborate response for my proposal. It turns out I
have to remember to do my homework better next time I go change code.
Thanks also to all who answered privately and pointed out my mistakes.
I drowned in the universal pool of entropy
Eris has saved me, and she has set me free