[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a small C program to test xdm's /dev/mem reading on your architecture



On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > > I can't believe he actually intends to keep it like this..
> > 
> > I'm going to #define DEV_RANDOM /dev/random for Linux systems.
> 
> That's bad, because that will drain the entropy a lot, and it might
> block for a long time, and that for no good reason as I don't think the
> magic cookie needs strong cryptographical security (for comparison: The
> secret key of a public key cryptography key pair should be created using
> /dev/random, while for session keys /dev/urandom is good enough).

/dev/random? /dev/urandom? You are kidding. This randmomness is used 
to create authorisation cookies for X which in my understanding provide 
ZERO security. Use plain libc rand() and the security is exactly the same.

Richard



Reply to: