Kyle,

On Wed, Apr 24, 2013 at 01:48:58PM -0600, Kyle Wheeler wrote:
> Assuming mkstemps() is sufficient for safely creating temporary
> files, is there a reason not to simply borrow the FreeBSD
> implementation? Their implementation seems relatively
> straightforward and only relies on arc4random.c, which is entirely
> self-contained.

This comes back to another point I made: identifying what systems are considered supported. The implementation uses /dev/urandom, which both Linux and FreeBSD have, but not all systems do. Most modern POSIX-like systems do, but again... what's supported?

There is (I think) one little problem with that implementation though: there's contingency code in the implementation for when opening /dev/urandom fails, but it just takes whatever was on the stack at the address of the data structure it allocates there. This is a very bad source of randomness. On systems that implement a secure stack, that value will be pre-initialized to a known value (probably 0 or some special implementation-specific value--there's a term for this but it escapes me at the moment). On systems that don't implement a secure stack, the value will depend on runtime-specific usage patterns, which may or may not be random, and which an attacker may be able to manipulate in some cases.

If you can't open /dev/urandom on a system that has it, your system is broken, and in security-sensitive contexts, you should probably fail hard.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02

-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
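The fail-hard behaviour argued for in the message above, as an added example in C (not code from the thread or from the FreeBSD arc4random.c it discusses; the names seed_from_device() and all_zero() are ours): the helper reads exactly the requested number of bytes from /dev/urandom, retries interrupted reads, and on any failure returns an error with a zeroed buffer rather than consuming whatever happened to be on the stack.

```c
/* Added example, not from the thread or FreeBSD's arc4random.c: the names
 * seed_from_device() and all_zero() are our own. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Fill buf[0..len) from `path` (normally /dev/urandom).
 * Returns 0 on success and -1 on any failure. On failure buf is zeroed,
 * so a caller that forgets to check still never consumes stack garbage. */
int seed_from_device(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        goto fail;                        /* device missing: refuse to seed */
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;                     /* interrupted: retry the read */
        if (n <= 0)
            goto fail;                    /* error or EOF: not a real entropy source */
        got += (size_t)n;
    }
    close(fd);
    return 0;
fail:
    if (fd >= 0)
        close(fd);
    memset(buf, 0, len);
    return -1;
}

/* True when every byte is zero; 32 bytes from a working /dev/urandom are
 * all zero with probability 2^-256, so this catches an unfilled buffer. */
int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}
```

A caller that gets -1 back should treat the host as broken and abort the security-sensitive operation, which is the policy the message recommends.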