Ulrich Windl wrote: > On 31 Mar 2009 at 11:19, Mike Christie wrote: > >> HIMANSHU wrote: >>> "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my >>> "initiatorname.iscsi". >>> What the part after colon actually signifies and from where it comes? >> It is just a unique id. You can set it to whatever you want if you have >> a different naming scheme you prefer. >> >> The default value is just a random number, which I guess is not random >> enough :) > > In case someone is thinking on how to make a unique random string: There's a > utility named "uuidgen -r" (part of e2fsprogs) that creates strings that > should be > unique enough (Like "fe5a7f1a-8f4f-49b1-bec0-7ccfdf0cb850"). Unfortunately > "uuid" > is not a valid iSCSI naming scheme, so you'll have to append the UUID (RFC > 4122) > after the colon. > >> The name is generated with the attached program. This gets run when you >> do a "make install". > > Hi, having had a small look at it, I wonder (please see rfc 4086 on > "Randomness > Requirements for Security"): when picking 16 random bytes, why feeding those > into > MD5 and adding more data of little randomness, and finally selecting > "randomly" > six bytes from the random data? If the first 16 bytes are random, you don't > add > anything to the randomness by those operations. If the initial bytes are not > very > random, you also add little. Why not simply using the hex-string of those 16 > bytes > (or less)? Also, these days SHA-1 is much preferrable to MD5, and the RFC > recommands AES, but maybe that's overkill for the purpose. With six bytes > making > 48 bits (12 characters), one could also use alphanumerical characters to > encode > more bits: Unless I'm wrong, you'll encode 71 bits with a 12-chracacter > string > like "7FSsmEnHiSCW", and even 65 bits in a 11-character string. With a 22- > character string you'll encode the full 128 bit (actually 131) of the initial > random sequence. >
I will look into this. We just took the iscsi-iname program from the old linux-iscsi code and have not worried about or even looked at it much until now. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to open-iscsi@googlegroups.com To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/open-iscsi -~----------~----~----~----~------~----~------~--~---
