"Ryan W. Maple" wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You're right. Actually there is a better way to seed the PRNG with a less
> expnsive hit on the processor. Replace:
>
> srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
>
> with:
>
> srand (time ^ $$ ^ `head -1 /dev/urandom`);
>
> Just about every platform on which Webmin will run has either /dev/urandom
> or /dev/random, so you may want to make it /dev/random. Being as the temp
> files are as secure as possible the name is not as important as it would
> be if it were simply being put in /tmp with world-read/write/execute
> rights.
>
> However, using /dev/random can be VERY costly if the system does not have
> any entropy, as it will hang and wait for stuff to happen (disk seeks,
> keyboard input, etc). So urandom is much better then random in this case.
>
> In any case, like I said, the name is not that important. Most people
> don't know how to do enough analysis on a PRNG and break it. :) What you
> suggest should work very well.
>
> Just some time estimates:
>
> Using ps:
> 0.04user 0.06system 0:00.09elapsed 107%CPU (0avgtext+0avgdata 0maxresident)k
> 0.05user 0.04system 0:00.09elapsed 96%CPU (0avgtext+0avgdata 0maxresident)k
> 0.03user 0.06system 0:00.09elapsed 96%CPU (0avgtext+0avgdata 0maxresident)k
>
> Using urandom:
> 0.01user 0.02system 0:00.02elapsed 120%CPU (0avgtext+0avgdata 0maxresident)k
> 0.01user 0.01system 0:00.02elapsed 80%CPU (0avgtext+0avgdata 0maxresident)k
> 0.02user 0.01system 0:00.02elapsed 115%CPU (0avgtext+0avgdata 0maxresident)k
>
> Using random (note the time in #2, I had to bang on the keyboard):
> 0.01user 0.01system 0:00.01elapsed 111%CPU (0avgtext+0avgdata 0maxresident)k
> 0.02user 0.12system 0:04.74elapsed 2%CPU (0avgtext+0avgdata 0maxresident)k
> 0.01user 0.01system 0:00.01elapsed 117%CPU (0avgtext+0avgdata 0maxresident)k
>
> Wow, these emails keep on getting long. Sorry for my rambling. I haven't
> been reading Applied Cryptography lately, really... :)
>
> Cheers,
> Ryan
How about this for an improved tempname() function - it uses /dev/urandom
where available, though only reads 4 bytes for seeding srand() as any more
would be larger than the function can handle anyway.
# tempname([filename])
# Returns a mostly random temporary file name
sub tempname
{
while(1) {
local @st = lstat("/tmp/.webmin");
last if (!$st[4] && !$st[5] && $st[2] & 0x4000 &&
($st[2] & 0777) == 0755);
if (@st) {
unlink("/tmp/.webmin") || system("rm -rf /tmp/.webmin");
}
mkdir("/tmp/.webmin", 0755) || next;
chown(0, 0, "/tmp/.webmin");
chmod(0755, "/tmp/.webmin");
}
if (defined($_[0]) && $_[0] !~ /\.\./) {
return "/tmp/.webmin/$_[0]";
}
else {
$main::tempfilecount++;
if (!$main::done_tempname_srand++) {
# Seed the random number generator
if (open(RANDOM, "/dev/urandom")) {
local $buf;
read(RANDOM, $buf, 4);
close(RANDOM);
srand(time() ^ $$ ^ $buf);
}
else {
srand(time() ^ $$);
}
}
return "/tmp/.webmin/".int(rand(1000000))."_".
$main::tempfilecount."_".$scriptname;
}
}
- Jamie
|
