-Original Message-
From: bo...@apache.org [mailto:bo...@apache.org]
Sent: zondag 15 januari 2012 1:37
To: comm...@apr.apache.org
Subject: svn commit: r1231605 - /apr/apr/trunk/tables/apr_hash.c
Author: bojan
Date: Sun Jan 15 00:37:14 2012
New Revision: 1231605
URL:
On Sun, 2012-01-15 at 18:06 +0100, Bert Huijben wrote:
If you call srand() before every call to rand() the result is no longer
random.
Yes, I'm aware of that.
And in this case we do this inside a shared library, so this might introduce
other attack vectors in applications that use apr.
On Mon, 2012-01-16 at 08:38 +1100, Bojan Smojver wrote:
That is true. In fact, my first code to the list just used ht. We
could use ht and time to get random values. Same attack vectors as
noted by you above apply, of course.
Maybe like this?
--
Bojan
Index: tables/apr_hash.c