rtl_random_createPool explicit seeding with systemTime considered redundant?

Michael Stahl mstahl at redhat.com
Thu Dec 7 11:10:21 UTC 2017


On 07.12.2017 02:59, Thorsten Behrens wrote:
> Hi Stephan, dear fellow hackers,
> 
> there's a chunk of places in the code, where (cargo-culted?) a random
> pool gets fed with current system time, presumably to seed it with
> enough entropy:
> 
>     TimeValue aTime;
>     osl_getSystemTime( &aTime );
>     rtlRandomPool aRandomPool = rtl_random_createPool ();
>     rtl_random_addBytes ( aRandomPool, &aTime, 8 );
> 
> Then again, initPool() in sal/rtl/random.cxx already does the same, so
> that really looks redundant?

yes, definitely.

tbh i'd want to remove initPool, which is just a fallback path, as well
and just abort if osl_get_system_random_data fails; if you don't have
/dev/urandom you can always fall back on the standard text editor ed(1).


-- 
DDJ: You've mentioned Edsger Dijkstra. What do you think of his work?
DK:  His great strength is that he is uncompromising. It would make
     him physically ill to think of programming in C++.



More information about the LibreOffice mailing list