[Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom
On Thu, Feb 09, 2017 at 01:23:26PM -0500, sacrificial-spam-address at sciencehorizons.net wrote:
> Package: popularity-contest
> Version: 1.64
>
> generate_id() {
> if which uuidgen >/dev/null 2>&1; then
> MY_HOSTID=`uuidgen | tr -d -`
> else
> MY_HOSTID=`dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | sed 's/ -//'''`
> fi
> }
>
> A few notes:
>
> 1) You do not need, and should not use, 1 kilobyte of entropy to generate
> a 16-byte random number. You should use 128 bits of seed material,
> not 8192!
> 2) If you want a random uuid, then /proc/sys/kernel/random/uuid will
> provide one for you, just like uuidgen.
> 3) There's no need to hash the output of /dev/urandom. Simpler would be
> to just use "od -x -An -N16 /dev/urandom". (od and md5sum are both
> in coreutils.)
Hello Sacrificial,
Thanks for your suggestion.
When this code was written, uuidgen was Essential: yes and so was available
on every Debian system, so the second method was never used.
Which kernel version provides /proc/sys/kernel/random/uuid ?
What about kfreebsd ?
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
Reply to: