[Bug 28990] LibUUID dependency problematic for OSX and Windows
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Oct 4 14:32:07 CEST 2010
https://bugs.freedesktop.org/show_bug.cgi?id=28990
--- Comment #11 from Nicolas Dufresne <nicolas.dufresne at collabora.co.uk> 2010-10-04 05:32:06 PDT ---
(In reply to comment #9)
> > + /* Fill with random. The g_random_int() call uses Mersenne Twister PRNG
> > + * seeded with /dev/random or the current time, which comply with
> > + * RFC4122 requirement.
>
> That's the "general-purpose PRNG with a relatively small amount of state" that
> I mentioned previously. RFC4122 says:
>
> See Section 4.5 for a discussion on random numbers.
>
> and in that section
>
> A better solution is to obtain a 47-bit cryptographic quality random
> number
> ...
> Advice on generating cryptographic-quality random numbers can be
> found in RFC1750 [5].
>
> Reference [5] is in fact to RFC4086, which obsoletes RFC1750, and discusses
> /dev/random and Windows' CryptGenRandom.
>
> Since Qt is LGPL these days, porting the Qt implementation (which Will linked
> above) to C might be a good basis for UUID generation.
>
> It'd also be reasonable to have Gabble/telepathy-glib support both e2fsprogs
> uuid and OSSP uuid: see Bug #22972 for more background on that (and why uuid.h
> could come from either!).
The PRNG in GLib is seeded with /dev/random, which is a cryptographic source of
entropy. Also, we need to evaluate the *risk* according to our use of it, this
risk is very low since Gabble does not consume a very large amount of it.
Couple of millions of states (that all depend on a cryptographic seed) is way
enough for us. I think it's not reasonnable to force having ifdef for every
implementatons of libuuid, which all have conflicting uuid.h files.
Please, consider one of these patches so our users can stop suffering the
problem with conflicting or unsupported libuuid that we currently depend on. A
merge into tp-glib or even GLib can be considered later, currently the goal is
to allow Gabble to be cross-platform with a minimum effort, and correctness.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the telepathy-bugs
mailing list