That's good to hear.  Thanks for checking!

On 06/20/2015 05:47 AM, Donald Sharp wrote:
The only place where random() is used for cryptographic functionality is
in the zencrypt() function which is used for password hiding.
Everything else is timer jitter or generating unique'ish id.

donald

On Sat, Jun 20, 2015 at 12:53 AM, nolan wrote:

    On 06/19/2015 02:43 PM, Greg Troxel wrote:

        So moving all srand/rand to random() sounds reasonable. Arguably there
        should only be a single seeding, but it's not clear to me that quagga is
        using this in places where cryptographically strong random numbers are
        needed, vs just avoiding timer synchronization.


    If Quagga is calling rand/srand/random in places where
    cryptographically strong random numbers are needed, that is a
    serious bug.  The PRNGs in common libcs are not cryptographically
    strong.

    _______________________________________________
    Quagga-dev mailing list
    [email protected] <mailto:[email protected]>
    https://lists.quagga.net/mailman/listinfo/quagga-dev
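
The point made in the thread about random() and password hiding, as an added example (not Quagga's code and not written by anyone in this thread): a password-hash salt drawn from random() is reproducible from the seed, while one drawn from the kernel CSPRNG is not. The function names, the 8-character salt length, the crypt(3)-style salt alphabet and the seed value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* POSIX functions, declared explicitly so the file also builds under strict -std=c99. */
long random(void);
void srandom(unsigned int seed);

/* crypt(3)-style salt alphabet (assumed): 64 characters, so 6 bits index it without bias. */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Weak form: salt from the libc PRNG. The same seed always yields the same salt. */
void salt_from_libc_prng(unsigned int seed, char *out, size_t n)
{
    srandom(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = SALT_CHARS[random() & 0x3f];
    out[n] = '\0';
}

/* Hardened form: salt from /dev/urandom. Returns 0 on success, -1 on any
 * failure so the caller can fail closed instead of falling back to random(). */
int salt_from_urandom(char *out, size_t n)
{
    unsigned char buf[64];
    FILE *f;
    size_t got;

    if (n > sizeof buf) return -1;
    f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    got = fread(buf, 1, n, f);
    fclose(f);
    if (got != n) return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = SALT_CHARS[buf[i] & 0x3f];
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char a[9], b[9], c[9];
    salt_from_libc_prng(1434776820u, a, 8);   /* constructed seed value */
    salt_from_libc_prng(1434776820u, b, 8);
    if (salt_from_urandom(c, 8) != 0) return 1;
    printf("random():     %s %s (identical: %d)\n", a, b, strcmp(a, b) == 0);
    printf("/dev/urandom: %s\n", c);
    return 0;
}
```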



