[Bug 797086] matroskamux: don't store used UIDs

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Thu Sep 6 16:22:03 UTC 2018


https://bugzilla.gnome.org/show_bug.cgi?id=797086

--- Comment #7 from Martin Kelly <mkelly at xevo.com> ---
I agree that checking the GLib implementation to see if we should trust it is a
good idea. I did a bit of code reading as this is quite an interesting subject.

The short answer is that every library I can find generating random numbers on
Linux relies on /dev/urandom. This includes glib, libossp-uuid (which backs the
uuid -v4 command), the uuid function in the Linux kernel (which uses
get_random_bytes(), exported by /dev/urandom), and even an strace of openssh (I
didn't check the code in that case). In any case, it looks like all our random
number generation will be as good/bad as /dev/urandom. That said, I'm not a
crytographer, but it looks like /dev/urandom should be good enough for
practical purposes: https://www.2uo.de/myths-about-urandom.

On Windows, glib uses rand_s, which the documentation says is
"cryptographically secure"
(https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/rand-s). If
rand_s doesn't exist (Windows XP!), it uses the time as a seed and then applies
a Mersenne Twister algorithm to generate random numbers from that.

I think we should be OK in preventing collisions.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.


More information about the gstreamer-bugs mailing list