From owner-cvs-all  Tue Feb  5 10:41:14 2002
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7F95F37B42A; Tue,  5 Feb 2002 10:41:05 -0800 (PST)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id g15If0b06831;
	Tue, 5 Feb 2002 21:41:00 +0300 (MSK)
	(envelope-from ache)
Date: Tue, 5 Feb 2002 21:40:59 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mark Murray <markm@FreeBSD.org>, des@FreeBSD.org
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
Message-ID: <20020205184059.GA6785@nagual.pp.ru>
References: <200202040028.g140SsC86408@freefall.freebsd.org> <20020205122043.GA3192@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020205122043.GA3192@nagual.pp.ru>
User-Agent: Mutt/1.3.27i
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Tue, Feb 05, 2002 at 15:20:44 +0300, Andrey A. Chernov wrote:
> 
> 1) You break applications which expect the same sequence from random()  
> (when initializing srandom() to some fixed value) since insert random()  
> calls in the middle of application ones.

In case my description is unclear, here is example:

App:
srandom(33);
random();
random();
call PAM library
	PAM calls random();
	PAM calls random()
	return;
random(); <--- expected sequence is broken here.


> 2) Since you not use srandom(), the code producing the same sequence from
> random() in case application do use random().

I see you try to compensate it by "* time", but why you even need random()  
in that case? Use some fixed numbers array.

> What is wrong with my arc4random() patch? arc4random() is not slower then 
> random() incorrectly used now.

BTW, arc4random() is not something "cryptographical", it is just RNG for
libraries and it is already commonly used in many places in many
libraries.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message