On Thu, Feb 28, 2019 at 11:42:41PM -0500, Devin Hussey wrote:
> This is a new patch to follow up to my non-cryptographic hash patch
> that is a little higher quality and has a PoC DoS script.

> 3.    Seeding at startup. I try to read from /dev/urandom and fall
> back to using clock(). This serves as the seed for the hash functions,
> and makes things much less predictable so it can't just be shut down
> with a static script.

On any modern platform, please use getentropy() instead.  It does the same
thing as reading from /dev/urandom, yet is:
* faster (dash is usually preferred over bash because of speed, and a file
  open is slow enough to be noticeable)
* immune to file exhaustion attacks


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Have you accepted Khorne as your lord and saviour?
⠈⠳⣄⠀⠀⠀⠀

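The two points in the reply above, as an added example that is not code from the patch or from either poster: it prefers getentropy(), falls back to /dev/urandom and then clock() as the quoted text describes, and shows that with no file descriptors left only the /dev/urandom path fails. It assumes Linux with glibc 2.25 or later (getentropy() declared in <sys/random.h>); `hash_seed_init` and `seed_under_fd_exhaustion` are hypothetical names.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h>   /* getentropy(): assumes glibc >= 2.25 or macOS */
#include <sys/resource.h>
#include <time.h>
#include <unistd.h>

enum seed_source { SEED_GETENTROPY, SEED_URANDOM, SEED_CLOCK };

/* The approach from the quoted text: needs a free descriptor and a /dev node. */
static int seed_from_urandom(uint64_t *seed) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;         /* EMFILE/ENFILE, or no /dev in a chroot */
    ssize_t n = read(fd, seed, sizeof *seed);
    close(fd);
    return n == (ssize_t)sizeof *seed ? 0 : -1;
}

/* Hypothetical helper: prefer the descriptor-free call, then fall back. */
static enum seed_source hash_seed_init(uint64_t *seed) {
    if (getentropy(seed, sizeof *seed) == 0) return SEED_GETENTROPY;
    if (seed_from_urandom(seed) == 0) return SEED_URANDOM;
    *seed = (uint64_t)clock();     /* last resort from the quoted text: predictable */
    return SEED_CLOCK;
}

/* Simulate descriptor exhaustion: with the soft RLIMIT_NOFILE at 0 every
 * open() fails with EMFILE. *urandom_rc reports what /dev/urandom alone did. */
static enum seed_source seed_under_fd_exhaustion(uint64_t *seed, int *urandom_rc) {
    struct rlimit saved, none;
    *urandom_rc = -2;              /* -2: the limit could not be changed */
    if (getrlimit(RLIMIT_NOFILE, &saved) != 0) return hash_seed_init(seed);
    none = saved;
    none.rlim_cur = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) == 0) *urandom_rc = seed_from_urandom(seed);
    enum seed_source src = hash_seed_init(seed);
    setrlimit(RLIMIT_NOFILE, &saved);   /* restore the original soft limit */
    return src;
}

int main(void) {
    uint64_t seed = 0;
    int rc;
    enum seed_source src = seed_under_fd_exhaustion(&seed, &rc);
    printf("urandom rc=%d, seed source=%d\n", rc, (int)src);
    return 0;
}
```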