[Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom

Subject: [Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom
From: sacrificial-spam-address at sciencehorizons.net (sacrificial-spam-address@sciencehorizons.net)
Date: 9 Feb 2017 13:23:26 -0500
Message-id: <[🔎] 20170209182326.4640.qmail@ns.sciencehorizons.net>

Package: popularity-contest
Version: 1.64

generate_id() {
	if which uuidgen >/dev/null 2>&1; then
		MY_HOSTID=`uuidgen | tr -d -`
	else
		MY_HOSTID=`dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | sed 's/  -//'''`
	fi

}

A few notes:

1) You do not need, and should not use, 1 kilobyte of entropy to generate
   a 16-byte random number.  You should use 128 bits of seed material,
   not 8192!
2) If you want a random uuid, then /proc/sys/kernel/random/uuid will
   provide one for you, just like uuidgen.
3) There's no need to hash the output of /dev/urandom.  Simpler would be
   to just use "od -x -An -N16 /dev/urandom".  (od and md5sum are both
   in coreutils.)

I'd suggest:

	if which uuidgen >/dev/null 2>&1; then
		MY_HOSTID=`uuidgen -r | tr -d -`
	else if test -r /proc/sys/kernel/random/uuid; then
		MY_HOSTID=`tr -d - < /proc/sys/kernel/random/uuid`
	else
		MY_HOSTID=`od -x -An -N16 /dev/urandom | tr -d ' '`
	fi

Reply to:

Follow-Ups:
- [Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom
  - From: ballombe@debian.org (Bill Allombert)

Prev by Date: [Popcon-developers] Clustering popcon data for recommendaitons
Next by Date: [Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom
Previous by thread: [Popcon-developers] Clustering popcon data for recommendaitons
Next by thread: [Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom
Index(es):
- Date
- Thread