From: Matthew Seaman
Organization: Infracaninophile
Date: Fri, 29 Sep 2006 07:37:53 +0100
To: "Marc G. Fournier"
Cc: freebsd-questions@freebsd.org
Subject: Re: BSDStats v4.0: Attempt to address some major issues ...
Message-ID: <451CBF41.1010208@infracaninophile.co.uk>
In-Reply-To: <20060928232533.Y51847@ganymede.hub.org>

Marc G. Fournier wrote:
> I've increased the size of the IDTOKEN to 32 from 16, since I've been
> noticing a lot of duplicates when two hosts submit at close to the same
> time ...

Ummm... that's actually really bad. That means that the RNG used by
OpenSSL (hence SSH and others) is not actually producing anything like a
proper random sequence for a lot of people. Hence all sorts of crypto
handled by those machines is potentially vulnerable to attack. If this is
the case, going from 16 to 32 bytes of random token won't actually help
at all.

On the other hand, the duplicates could be the result of people
deliberately trying to frig the statistics or just innocently running the
300.statistics script manually several times. In either case, entries with
duplicate tokens should be discarded -- I guess you'd always want to keep
just the last entry for any token.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
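
The reasoning in the message above, worked through as an added example (not part of the original post and not BSDStats code): the birthday bound shows how unlikely chance collisions are for 16- and 32-byte tokens from a sound RNG, and a triage pass keeps the last entry per token while separating same-source re-runs from cross-source duplicates. The record layout `(token, source, received_at)`, the `source` field and the sample data are assumptions constructed for illustration.

```python
import math

def collision_probability(n_tokens, token_bytes):
    """Birthday bound: chance that any two of n uniformly random tokens match."""
    space_bits = 8 * token_bytes
    # p ~= 1 - exp(-n(n-1) / (2 * 2^bits)); expm1 keeps precision for tiny p
    return -math.expm1(-n_tokens * (n_tokens - 1) / 2.0 ** (space_bits + 1))

def triage(submissions):
    """Keep the last entry per token and classify duplicated tokens.

    submissions: (token, source, received_at) tuples in arrival order.
    Returns (kept, rerun_tokens, rng_suspect_tokens).
    """
    kept, sources, counts = {}, {}, {}
    for token, source, received_at in submissions:
        sources.setdefault(token, set()).add(source)
        counts[token] = counts.get(token, 0) + 1
        kept[token] = (source, received_at)  # later entry replaces earlier one
    # Same token, one source: the script was simply run more than once.
    reruns = sorted(t for t, c in counts.items()
                    if c > 1 and len(sources[t]) == 1)
    # Same token, different sources: not explained by chance if the RNG is sound.
    suspects = sorted(t for t in counts if len(sources[t]) > 1)
    return kept, reruns, suspects

# Constructed sample data; tokens shortened for readability.
SAMPLE = [
    ("a3f1", "host-A", 100),
    ("9c2e", "host-B", 101),
    ("a3f1", "host-A", 160),  # host-A ran the script a second time
    ("77d0", "host-C", 200),
    ("77d0", "host-D", 200),  # two different hosts submitted the same token
]

if __name__ == "__main__":
    for size in (16, 32):
        print(f"{size}-byte tokens, 1e6 hosts: p(collision) = "
              f"{collision_probability(10**6, size):.3e}")
    kept, reruns, suspects = triage(SAMPLE)
    print("kept:", kept)
    print("re-run by same source:", reruns)
    print("possible weak RNG:", suspects)
```

A cross-source duplicate can also come from one machine seen under two source identifiers, so the suspect list is a starting point for checking how those hosts seed their RNG, not proof on its own.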