From 3b4523fef765fdb489f4a159a985a0edd15c8f2b Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Mon, 12 Mar 2012 11:05:03 +0100 Subject: [PATCH] Increase entropy of generated pad files, patch from Toby Speight . - Seeding the random number generator from PID and current time provides very little entropy, as these can be guessed quite closely by an attacker, so use the kernel's random number generator instead. --- src/pad.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/pad.c b/src/pad.c index 6d45689..1137322 100644 --- a/src/pad.c +++ b/src/pad.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include "conf.h" @@ -181,6 +182,8 @@ static void pusb_pad_update(t_pusb_options *opts, FILE *f_system = NULL; char magic[1024]; int i; + unsigned int seed; + int devrandom; if (!pusb_pad_should_update(opts, user)) return ; @@ -201,7 +204,14 @@ static void pusb_pad_update(t_pusb_options *opts, pusb_pad_protect(user, fileno(f_system)); log_debug("Generating %d bytes unique pad...\n", sizeof(magic)); - srand(getpid() * time(NULL)); + devrandom = open("/dev/random", O_RDONLY); + if (devrandom < 0 || read(devrandom, &seed, sizeof seed) != sizeof seed) { + log_debug("/dev/random seeding failed...\n"); + seed = getpid() * time(NULL); /* low-entropy fallback */ + } + if (devrandom > 0) + close(devrandom); + srand(seed); for (i = 0; i < sizeof(magic); ++i) magic[i] = (char)rand(); log_debug("Writing pad to the device...\n");