Ulrich Windl wrote:
> On 31 Mar 2009 at 11:19, Mike Christie wrote:
> 
>> HIMANSHU wrote:
>>> "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my
>>> "initiatorname.iscsi".
>>> What the part after colon actually signifies and from where it comes?
>> It is just a unique id. You can set it to whatever you want if you have 
>> a different naming scheme you prefer.
>>
>> The default value is just a random number, which I guess is not random 
>> enough :)
> 
> In case someone is thinking on how to make a unique random string: There's a 
> utility named "uuidgen -r" (part of e2fsprogs) that creates strings that 
> should be 
> unique enough (Like "fe5a7f1a-8f4f-49b1-bec0-7ccfdf0cb850"). Unfortunately 
> "uuid" 
> is not a valid iSCSI naming scheme, so you'll have to append the UUID (RFC 
> 4122) 
> after the colon.
> 
>> The name is generated with the attached program. This gets run when you 
>> do a "make install".
> 
> Hi, having had a small look at it, I wonder (please see rfc 4086 on 
> "Randomness 
> Requirements for Security"): when picking 16 random bytes, why feeding those 
> into 
> MD5 and adding more data of little randomness, and finally selecting 
> "randomly" 
> six bytes from the random data? If the first 16 bytes are random, you don't 
> add 
> anything to the randomness by those operations. If the initial bytes are not 
> very 
> random, you also add little. Why not simply using the hex-string of those 16 
> bytes 
> (or less)? Also, these days SHA-1 is much preferrable to MD5, and the RFC 
> recommands AES, but maybe that's overkill for the purpose. With six bytes 
> making 
> 48 bits (12 characters), one could also use alphanumerical characters to 
> encode 
> more bits: Unless I'm wrong, you'll encode 71 bits with a 12-chracacter 
> string 
> like "7FSsmEnHiSCW", and even 65 bits in a 11-character string. With a 22-
> character string you'll encode the full 128 bit (actually 131) of the initial 
> random sequence.
> 

I will look into this. We just took the iscsi-iname program from the old 
linux-iscsi code and have not worried about or even looked at it much 
until now.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/open-iscsi
-~----------~----~----~----~------~----~------~--~---

Reply via email to