Date: Fri, 29 Sep 2006 07:37:53 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: "Marc G. Fournier" <freebsd@hub.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: BSDStats v4.0: Attempt to address some major issues ...
Message-ID: <451CBF41.1010208@infracaninophile.co.uk>
In-Reply-To: <20060928232533.Y51847@ganymede.hub.org>
Marc G. Fournier wrote:
> I've increased the size of the IDTOKEN to 32 from 16, since I've been
> noticing a lot of duplicates when two hosts submit at close to the same
> time ...
Ummm... that's actually really bad. That means that the RNG used by OpenSSL
(hence SSH and others) is not actually producing anything like a proper
random sequence for a lot of people. Hence all sorts of crypto handled by
those machines is potentially vulnerable to attack. If this is the case,
going from 16 to 32 bytes of random token won't actually help at all.
On the other hand, the duplicates could be the result of people deliberately
trying to frig the statistics or just innocently running the 300.statistics
script manually several times. In either case, entries with duplicate tokens
should be discarded -- I guess you'd always want to keep just the last entry
for any token.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
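Added example (not part of the thread or of BSDStats): a dedupe that keeps only the last entry per token, as suggested above, plus a birthday-bound check showing why duplicates among 128-bit random tokens point to a broken RNG or re-submission rather than to the token being too short. The submission records and token values are constructed for illustration.

```python
import math

# Constructed sample submissions, not real BSDStats data:
# (token_hex, unix_time, note). Host A re-ran the script, and hosts C and D
# submitted the same token, giving two duplicate tokens in total.
SUBMISSIONS = [
    ("0f1e2d3c4b5a69788796a5b4c3d2e1f0", 1159488000, "host-A first run"),
    ("ffeeddccbbaa99887766554433221100", 1159488005, "host-B"),
    ("0f1e2d3c4b5a69788796a5b4c3d2e1f0", 1159488010, "host-A manual re-run"),
    ("0123456789abcdef0123456789abcdef", 1159488020, "host-C"),
    ("0123456789abcdef0123456789abcdef", 1159488021, "host-D, same token as C"),
]


def keep_last_per_token(submissions):
    """Discard duplicate tokens, keeping only the most recent entry per token.

    Returns {token: (unix_time, note)} for the surviving entries.
    """
    latest = {}
    for token, ts, note in submissions:
        if token not in latest or ts >= latest[token][0]:
            latest[token] = (ts, note)
    return latest


def expected_collision_probability(n_submissions, token_bits):
    """Birthday bound: probability that at least one pair out of n uniformly
    random token_bits-bit tokens collides, 1 - exp(-n(n-1) / 2^(bits+1)).
    expm1 keeps the result accurate when the probability is tiny."""
    space = 2.0 ** token_bits
    return -math.expm1(-n_submissions * (n_submissions - 1) / (2.0 * space))


def duplicates_exceed_chance(submissions, token_bits, threshold=0.01):
    """True when duplicates were observed although a sound RNG of token_bits
    would produce even one collision with probability below threshold.
    That is the situation Matthew describes: the fault is in the generator
    or in repeated submissions, and widening the token does not fix either."""
    n = len(submissions)
    dup_count = n - len({t for t, _, _ in submissions})
    return dup_count > 0 and expected_collision_probability(n, token_bits) < threshold
```

With 128-bit tokens (16 bytes), even a million submissions have a collision probability around 1e-27, so any observed duplicate is a symptom worth investigating rather than a sizing problem.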