On 31 Mar 2009 at 11:19, Mike Christie wrote:

> HIMANSHU wrote:
> > "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my
> > "initiatorname.iscsi".
> > What the part after colon actually signifies and from where it comes?
> 
> It is just a unique id. You can set it to whatever you want if you have 
> a different naming scheme you prefer.
> 
> The default value is just a random number, which I guess is not random 
> enough :)

In case someone is thinking on how to make a unique random string: There's a 
utility named "uuidgen -r" (part of e2fsprogs) that creates strings that should 
be 
unique enough (Like "fe5a7f1a-8f4f-49b1-bec0-7ccfdf0cb850"). Unfortunately 
"uuid" 
is not a valid iSCSI naming scheme, so you'll have to append the UUID (RFC 
4122) 
after the colon.

> 
> The name is generated with the attached program. This gets run when you 
> do a "make install".

Hi, having had a small look at it, I wonder (please see rfc 4086 on "Randomness 
Requirements for Security"): when picking 16 random bytes, why feeding those 
into 
MD5 and adding more data of little randomness, and finally selecting "randomly" 
six bytes from the random data? If the first 16 bytes are random, you don't add 
anything to the randomness by those operations. If the initial bytes are not 
very 
random, you also add little. Why not simply using the hex-string of those 16 
bytes 
(or less)? Also, these days SHA-1 is much preferrable to MD5, and the RFC 
recommands AES, but maybe that's overkill for the purpose. With six bytes 
making 
48 bits (12 characters), one could also use alphanumerical characters to encode 
more bits: Unless I'm wrong, you'll encode 71 bits with a 12-chracacter string 
like "7FSsmEnHiSCW", and even 65 bits in a 11-character string. With a 22-
character string you'll encode the full 128 bit (actually 131) of the initial 
random sequence.

> 
> 
> > If I installed open-iscsi on different machine.then also I get the
> > same number i.e "d612b128bb59" after colon.
> 
> Is this something you can easily reproduce?
> 
> > initiatorname is supposed to be unique?right?
> 
> Yeah, it is supposed to be unique.

Regards,
Ulrich


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/open-iscsi
-~----------~----~----~----~------~----~------~--~---

Reply via email to