christf
commented
6 years ago this is addressed by #21 => I took this into a different PR.
Closed t-8ch closed 6 years ago
christf
commented
6 years ago this is addressed by #21 => I took this into a different PR.
t-8ch
commented
6 years ago Thinking about further, I think we should not use srand(time(0)).
If we have many systems rebooting at the same time, for example after a powercut in a big installation, we can experience duplicate nonces.
We should probably use getrandom(2) or /dev/urandom.
Personally I would prefer getrandom(2), but it requires Linux >= 3.17 and has no wrapper support in musl.
christf
commented
6 years ago we are on linux >4.4 so requiring kernel >=3.17 is no issue imho.
christf
commented
6 years ago this will be handled by #25 - no need to keep issue AND pr.
Currently
src/intercom.cusesrand()to produce nonces. This RNG is deterministic and seeded to the value 1 on startup. This makes nonce collisions quite likely.The RNG should be seeded with a nonconstant value.