From: Russ Cox
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] exportfs security question
Date: Sun, 12 Apr 2009 09:24:36 +1000
In-Reply-To: <20090410084102.GG4823@masters6.cs.jhu.edu>
References: <20090410084102.GG4823@masters6.cs.jhu.edu>

>    /* exchange random numbers */
>    srand(truerand());
>    for(i = 0; i < 4; i++)
>      key[i+12] = rand();

if one really cared, the right thing to do would be fastrand() calls. truerand is only for things that absolutely must be random (not pseudo-random) or for seeding random number generators, as in this example.

all the auth protocols are due for a rework, but honestly i don't think anyone cares enough to see it through, myself included.

russ