SourceForge.net
2012-04-05 09:27:39 UTC
Bugs item #3515103, was opened at 2012-04-05 02:27
Message generated for change (Tracker Item Submitted) made by marcusmeissner
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3515103&group_id=10127
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Marcus Meissner (marcusmeissner)
Assigned to: Nobody/Anonymous (nobody)
Summary: randomness for hash fix not enough
Initial Comment:
Hi,
the hash initialization with the current time(2) (seconds since 1970) is not
random enough in my opinion.
Attackers could guess and inject entries tailored to this specific second (or the ones around it).
If you use time-based technologies, try gettimeofday() and use the fractional part tv_usec perhaps?
----------------------------------------------------------------------
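Added example (not part of the original report and not the project's code): a small C program that counts how many candidate salts must be tried when the process start time is known to within a few seconds, first for a seconds-only salt and then with tv_usec folded in. The hash salted_hash, the two salt constructions and the key are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

#define USEC_PER_SEC 1000000u

/* Hypothetical salted string hash standing in for the table's hash. */
static uint32_t salted_hash(uint32_t salt, const char *s) {
    uint32_t h = salt;
    while (*s) h = h * 31u + (unsigned char)*s++;
    return h;
}

/* Salt from whole seconds since 1970 only, as the report describes. */
static uint32_t salt_seconds(const struct timeval *tv) {
    return (uint32_t)tv->tv_sec;
}

/* Salt that also folds in tv_usec, as the report suggests. */
static uint32_t salt_usec(const struct timeval *tv) {
    return (uint32_t)tv->tv_sec * USEC_PER_SEC + (uint32_t)tv->tv_usec;
}

/* Candidate salts tried, knowing the start time only to +/- window seconds,
   until one reproduces `observed` for a known key. Returns 0 when no
   candidate in the window matches. */
static uint64_t guesses_until_match(uint32_t observed, const char *key,
                                    time_t around, int window, int with_usec) {
    uint64_t tried = 0;
    uint32_t last = with_usec ? USEC_PER_SEC - 1 : 0;
    for (int d = -window; d <= window; d++) {
        for (uint32_t us = 0; us <= last; us++) {
            struct timeval tv = { .tv_sec = around + d, .tv_usec = (suseconds_t)us };
            uint32_t salt = with_usec ? salt_usec(&tv) : salt_seconds(&tv);
            tried++;
            if (salted_hash(salt, key) == observed) return tried;
        }
    }
    return 0;
}

int main(void) {
    struct timeval now;
    const char *key = "example-key"; /* constructed sample input */
    gettimeofday(&now, NULL);
    uint64_t a = guesses_until_match(salted_hash(salt_seconds(&now), key), key, now.tv_sec, 2, 0);
    uint64_t b = guesses_until_match(salted_hash(salt_usec(&now), key), key, now.tv_sec, 2, 1);
    printf("seconds only: %llu tries; with tv_usec: %llu tries\n",
           (unsigned long long)a, (unsigned long long)b);
    return 0;
}
```

tv_usec takes one of 1,000,000 values, so folding it in multiplies the search by that factor, which is just under 20 bits.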