The only place where random() is used for cryptographic functionality is in the zencrypt() function which is used for password hiding. Everything else is timer jitter or generating unique'ish id.
donald On Sat, Jun 20, 2015 at 12:53 AM, nolan <[email protected]> wrote: > On 06/19/2015 02:43 PM, Greg Troxel wrote: > >> So moving all srand/rand to random() sounds reasonable. Arguably there >> should only be a single seeding, but it's not clear to me that quagga is >> using this in places where cryptographically strong random numbers are >> needed, vs just avoiding timer synchronization. >> > > If Quagga is calling rand/srand/random in places where cryptographically > strong random numbers are needed, that is a serious bug. The PRNGs in > common libcs are not cryptographically strong. > > _______________________________________________ > Quagga-dev mailing list > [email protected] > https://lists.quagga.net/mailman/listinfo/quagga-dev >
_______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
