rtl_random_createPool explicit seeding with systemTime considered redundant?
mstahl at redhat.com
Thu Dec 7 11:10:21 UTC 2017
On 07.12.2017 02:59, Thorsten Behrens wrote:
> Hi Stephan, dear fellow hackers,
> there's a chunk of places in the code, where (cargo-culted?) a random
> pool gets fed with current system time, presumably to seed it with
> enough entropy:
> TimeValue aTime;
> osl_getSystemTime( &aTime );
> rtlRandomPool aRandomPool = rtl_random_createPool ();
> rtl_random_addBytes ( aRandomPool, &aTime, 8 );
> Then again, initPool() in sal/rtl/random.cxx already does the same, so
> that really looks redundant?
tbh i'd want to remove initPool, which is just a fallback path, as well
and just abort if osl_get_system_random_data fails; if you don't have
/dev/urandom you can always fall back on the standard text editor ed(1).
DDJ: You've mentioned Edsger Dijkstra. What do you think of his work?
DK: His great strength is that he is uncompromising. It would make
him physically ill to think of programming in C++.
More information about the LibreOffice