Re: part after colon @ initiatorname.iscsi

2009-04-01 Thread Mike Christie

Ulrich Windl wrote:
> On 31 Mar 2009 at 11:19, Mike Christie wrote:
> 
>> HIMANSHU wrote:
>>> "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my
>>> "initiatorname.iscsi".
>>> What the part after colon actually signifies and from where it comes?
>> It is just a unique id. You can set it to whatever you want if you have 
>> a different naming scheme you prefer.
>>
>> The default value is just a random number, which I guess is not random 
>> enough :)
> 
> In case someone is thinking on how to make a unique random string: There's a
> utility named "uuidgen -r" (part of e2fsprogs) that creates strings that
> should be unique enough (Like "fe5a7f1a-8f4f-49b1-bec0-7ccfdf0cb850").
> Unfortunately "uuid" is not a valid iSCSI naming scheme, so you'll have to
> append the UUID (RFC 4122) after the colon.
> 
>> The name is generated with the attached program. This gets run when you 
>> do a "make install".
> 
> Hi, having had a small look at it, I wonder (please see RFC 4086 on
> "Randomness Requirements for Security"): when picking 16 random bytes, why
> feed those into MD5 and add more data of little randomness, and finally
> select "randomly" six bytes from the random data? If the first 16 bytes are
> random, you don't add anything to the randomness by those operations. If the
> initial bytes are not very random, you also add little. Why not simply use
> the hex-string of those 16 bytes (or less)? Also, these days SHA-1 is much
> preferable to MD5, and the RFC recommends AES, but maybe that's overkill for
> the purpose. With six bytes making 48 bits (12 characters), one could also
> use alphanumerical characters to encode more bits: Unless I'm wrong, you'll
> encode 71 bits with a 12-character string like "7FSsmEnHiSCW", and even 65
> bits in an 11-character string. With a 22-character string you'll encode the
> full 128 bits (actually 131) of the initial random sequence.
> 

I will look into this. We just took the iscsi-iname program from the old 
linux-iscsi code and have not worried about or even looked at it much 
until now.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/open-iscsi
-~--~~~~--~~--~--~---



Re: part after colon @ initiatorname.iscsi

2009-04-01 Thread Ulrich Windl

On 31 Mar 2009 at 11:19, Mike Christie wrote:

> HIMANSHU wrote:
> > "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my
> > "initiatorname.iscsi".
> > What the part after colon actually signifies and from where it comes?
> 
> It is just a unique id. You can set it to whatever you want if you have 
> a different naming scheme you prefer.
> 
> The default value is just a random number, which I guess is not random 
> enough :)

In case someone is thinking on how to make a unique random string: There's a
utility named "uuidgen -r" (part of e2fsprogs) that creates strings that should
be unique enough (Like "fe5a7f1a-8f4f-49b1-bec0-7ccfdf0cb850"). Unfortunately
"uuid" is not a valid iSCSI naming scheme, so you'll have to append the UUID
(RFC 4122) after the colon.

> 
> The name is generated with the attached program. This gets run when you 
> do a "make install".

Hi, having had a small look at it, I wonder (please see RFC 4086 on "Randomness
Requirements for Security"): when picking 16 random bytes, why feed those into
MD5 and add more data of little randomness, and finally select "randomly" six
bytes from the random data? If the first 16 bytes are random, you don't add
anything to the randomness by those operations. If the initial bytes are not
very random, you also add little. Why not simply use the hex-string of those 16
bytes (or less)? Also, these days SHA-1 is much preferable to MD5, and the RFC
recommends AES, but maybe that's overkill for the purpose. With six bytes
making 48 bits (12 characters), one could also use alphanumerical characters to
encode more bits: Unless I'm wrong, you'll encode 71 bits with a 12-character
string like "7FSsmEnHiSCW", and even 65 bits in an 11-character string. With a
22-character string you'll encode the full 128 bits (actually 131) of the
initial random sequence.

> 
> 
> > If I installed open-iscsi on different machine.then also I get the
> > same number i.e "d612b128bb59" after colon.
> 
> Is this something you can easily reproduce?
> 
> > initiatorname is supposed to be unique?right?
> 
> Yeah, it is supposed to be unique.

Regards,
Ulrich
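
The suggestion in the message above (skip MD5, take 16 bytes from the random device and encode them directly as 22 alphanumeric characters), as an added example that is not part of the thread or of the open-iscsi code. The function names and the 0-9A-Za-z base-62 alphabet are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char B62[] =   /* assumed alphabet, not specified in the thread */
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/* 16 bytes (big-endian 128-bit number) -> exactly 22 base-62 digits.
 * 62^22 > 2^128, so distinct inputs give distinct strings. */
void base62_128(const unsigned char in[16], char out[23]) {
    unsigned char n[16];
    memcpy(n, in, sizeof n);
    for (int i = 21; i >= 0; i--) {
        unsigned rem = 0;
        for (int j = 0; j < 16; j++) {      /* long division of n by 62 */
            unsigned cur = (rem << 8) | n[j];
            n[j] = (unsigned char)(cur / 62);
            rem = cur % 62;
        }
        out[i] = B62[rem];
    }
    out[22] = '\0';
}

/* "<prefix>:<22 chars>" from /dev/urandom; -1 on short read or small out. */
int make_iname(const char *prefix, char *out, size_t outlen) {
    unsigned char rnd[16];
    char suffix[23];
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < sizeof rnd) {
        ssize_t r = read(fd, rnd + got, sizeof rnd - got);
        if (r <= 0) break;
        got += (size_t)r;
    }
    close(fd);
    if (got != sizeof rnd) return -1;   /* no name from missing entropy */
    base62_128(rnd, suffix);
    int len = snprintf(out, outlen, "%s:%s", prefix, suffix);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

int main(void) {
    char iname[64];
    if (make_iname("iqn.2005-03.org.open-iscsi", iname, sizeof iname) != 0)
        return 1;
    return puts(iname) < 0;
}
```

Unlike the attached program, this fails instead of printing a name when the random device cannot be read in full, so two hosts cannot end up sharing a suffix derived only from time and uname data.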





Re: part after colon @ initiatorname.iscsi

2009-04-01 Thread Ulrich Windl

On 31 Mar 2009 at 5:46, HIMANSHU wrote:

> 
> "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my
> "initiatorname.iscsi".
> What the part after colon actually signifies and from where it comes?
> If I installed open-iscsi on different machine.then also I get the
> same number i.e "d612b128bb59" after colon.

For SLES10, a unique number is created during RPM installation. See page 33 of
RFC 3720 (3.2.6.3.1. Type "iqn." (iSCSI Qualified Name)):
The iSCSI qualified name string consists of:

- The string "iqn.", used to distinguish these names from "eui." formatted
names.

- A date code, in yyyy-mm format. This date MUST be a date during which the
naming authority owned the domain name used in this format, and SHOULD be the
first month in which the domain name was owned by this naming authority at
00:01 GMT of the first day of the month. This date code uses the Gregorian
calendar. All four digits in the year must be present. Both digits of the month
must be present, with January == "01" and December == "12". The dash must be
included.

- A dot "."

- The reversed domain name of the naming authority (person or organization)
creating this iSCSI name.

- An optional, colon (:) prefixed, string within the character set and length
boundaries that the owner of the domain name deems appropriate. This may
contain product types, serial numbers, host identifiers, or software keys
(e.g., it may include colons to separate organization boundaries). With the
exception of the colon prefix, the owner of the domain name can assign
everything after the reversed domain name as desired. It is the responsibility
of the entity that is the naming authority to ensure that the iSCSI names it
assigns are worldwide unique. For example, "Example Storage Arrays, Inc.",
might own the domain name "example.com".

> initiatorname is supposed to be unique?right?

Yes!

Regards,
Ulrich





Re: part after colon @ initiatorname.iscsi

2009-03-31 Thread Mike Christie

HIMANSHU wrote:
> "iqn.2005-03.org.open-iscsi:d612b128bb59" this is my
> "initiatorname.iscsi".
> What the part after colon actually signifies and from where it comes?

It is just a unique id. You can set it to whatever you want if you have 
a different naming scheme you prefer.

The default value is just a random number, which I guess is not random 
enough :)

The name is generated with the attached program. This gets run when you 
do a "make install".


> If I installed open-iscsi on different machine.then also I get the
> same number i.e "d612b128bb59" after colon.

Is this something you can easily reproduce?

> initiatorname is supposed to be unique?right?

Yeah, it is supposed to be unique.


/*
 * iSCSI InitiatorName creation utility
 * Copyright (C) 2001 Cisco Systems, Inc.
 * maintained by linux-iscsi-de...@lists.sourceforge.net
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * See the file COPYING included with this distribution for more details.
 *
 * $Id: iscsi-iname.c,v 1.1.2.3 2005/03/15 06:33:44 wysochanski Exp $
 *
 * iscsi-iname.c - Compute an iSCSI InitiatorName for this host.
 * Note that to ensure uniqueness, the system time is
 * a factor.  This name must be cached and only regenerated
 * if there is no cached value.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/utsname.h>
#include <sys/time.h>

#include "md5.h"

#define RANDOM_NUM_GENERATOR	"/dev/urandom"

int
main(int argc, char *argv[])
{
	char iname[256];
	struct timeval time;
	struct utsname system_info;
	long hostid;
	struct MD5Context context;
	unsigned char digest[16];
	unsigned char *bytes = digest;
	unsigned char entropy[16];
	int e;
	int fd;
	char *prefix;

	/* initialize */
	memset(iname, 0, sizeof (iname));
	memset(digest, 0, sizeof (digest));
	memset(&context, 0, sizeof (context));
	MD5Init(&context);

	/* take a prefix if given, otherwise use a default. */
	if (argc > 1 && argv[1]) {
		prefix = argv[1];
		if (( strcmp(prefix, "-h") == 0 ) ||
		( strcmp(prefix, "--help") == 0 )) {
			printf("\nDisplays the iSCSI initiator name\n");
			exit(0);
		} else if ( strcmp(prefix, "-p") == 0 && argc > 2 ) {
			/* only accept -p when a prefix argument follows it */
			prefix = argv[2];
		} else {
			printf("\nUsage: iscsi-iname [-h | --help | "
			   "-p <prefix> ]\n");
			exit(0);
		}
	} else {
		prefix = "iqn.2005-03.org.open-iscsi";
	}

	/* try to feed some entropy from the pool to MD5 in order to get
	 * uniqueness properties
	 */

	/* open() returns -1 on failure and may legitimately return 0 */
	if ((fd = open(RANDOM_NUM_GENERATOR, O_RDONLY)) >= 0) {
		e = read(fd, &entropy, 16);
		if (e >= 1)
			MD5Update(&context, (md5byte *)entropy, e);
		close(fd);
	}

	/* time the name is created is a factor in order to get
	 * uniqueness properties
	 */
	if (gettimeofday(&time, NULL) < 0) {
		perror("error: gettimeofday failed");
		return 1;
	}
	MD5Update(&context, (md5byte *) & time.tv_sec, sizeof (time.tv_sec));
	MD5Update(&context, (md5byte *) & time.tv_usec, sizeof (time.tv_usec));

	/* hostid */
	hostid = gethostid();
	MD5Update(&context, (md5byte *) & hostid, sizeof (hostid));

	/* get the hostname and system name */
	if (uname(&system_info) < 0) {
		perror("error: uname failed");
		return 1;
	}
	MD5Update(&context, (md5byte *) system_info.sysname,
		  sizeof (system_info.sysname));
	MD5Update(&context, (md5byte *) system_info.nodename,
		  sizeof (system_info.nodename));
	MD5Update(&context, (md5byte *) system_info.release,
		  sizeof (system_info.release));
	MD5Update(&context, (md5byte *) system_info.version,
		  sizeof (system_info.version));
	MD5Update(&context, (md5byte *) system_info.machine,
		  sizeof (system_info.machine));

	/* compute the md5 hash of all the bits we just collected */
	MD5Final(digest, &context);

	/* vary which md5 bytes we pick (though we probably don't need to do
	 * this, since hopefully MD5 produces results such that each byte is as
	 * good as any other).
	 */

	/* open() returns -1 on failure and may legitimately return 0 */
	if ((fd = open(RANDOM_NUM_GENERATOR, O_RDONLY)) >= 0) {
		if (read(fd, entropy, 1) == 1)
			bytes = &digest[(entropy[0] % (sizeof(digest) - 6))];
		close(fd);
	}

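	/* print the prefix followed by 6 bytes of the MD5 hash; snprintf keeps
	 * a long prefix from overflowing iname, and %02x zero-pads each byte
	 * so the suffix is always 12 hex digits
	 */
	snprintf(iname, sizeof (iname), "%s:%02x%02x%02x%02x%02x%02x", prefix,
		bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5]);

	printf("%s\n", iname);
	return 0;
}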