Date: Fri, 29 Sep 2006 07:37:53 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: "Marc G. Fournier" <freebsd@hub.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: BSDStats v4.0: Attempt to address some major issues ...
Message-ID: <451CBF41.1010208@infracaninophile.co.uk>
In-Reply-To: <20060928232533.Y51847@ganymede.hub.org>
References: <20060928232533.Y51847@ganymede.hub.org>
Marc G. Fournier wrote:
> I've increased the size of the IDTOKEN to 32 from 16, since I've been
> noticing a lot of duplicates when two hosts submit at close to the same
> time ...

Ummm... that's actually really bad. That means that the RNG used by OpenSSL (hence SSH and others) is not actually producing anything like a proper random sequence for a lot of people. Hence all sorts of crypto handled by those machines is potentially vulnerable to attack. If this is the case, going from 16 to 32 bytes of random token won't actually help at all.

On the other hand, the duplicates could be the result of people deliberately trying to frig the statistics or just innocently running the 300.statistics script manually several times. In either case, entries with duplicate tokens should be discarded -- I guess you'd always want to keep just the last entry for any token.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
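An added example, not part of Matthew's message or of the BSDStats code, that puts numbers on the two points above: the birthday bound shows that colliding 16-byte tokens are essentially impossible from a working RNG (and that 32 bytes changes nothing if the RNG's effective entropy is the real problem), and a small deduplication routine keeps only the last submission per token. The submission records are a constructed sample; the token values and host names are made up.

```python
import math


def collision_probability(n_tokens: int, entropy_bits: int) -> float:
    """Birthday-bound estimate of P(at least one duplicate) among n_tokens
    tokens drawn uniformly from a space of 2**entropy_bits values:
        p ~= 1 - exp(-n(n-1) / (2 * 2**bits))
    expm1 keeps precision when the exponent is tiny (p near 0)."""
    pairs = n_tokens * (n_tokens - 1) / 2.0
    return -math.expm1(-pairs / (2.0 ** entropy_bits))


def expected_duplicate_pairs(n_tokens: int, entropy_bits: int) -> float:
    """Expected number of colliding token pairs for the same model."""
    return n_tokens * (n_tokens - 1) / 2.0 / (2.0 ** entropy_bits)


# 100k hosts with honest 128-bit (16-byte) tokens: collisions ~1e-29 likely.
# Doubling to 256 bits makes a negligible number smaller; it cannot fix an
# RNG whose output only carries, say, 20 bits of entropy, where p ~= 1.
P_16_BYTES = collision_probability(100_000, 128)
P_32_BYTES = collision_probability(100_000, 256)
P_WEAK_RNG = collision_probability(100_000, 20)   # hypothetical weak RNG


def keep_last_per_token(submissions):
    """submissions: iterable of (token, record) in arrival order.
    Returns (latest, discarded): the last record seen for each token and
    the number of earlier entries that were dropped as duplicates."""
    latest = {}
    discarded = 0
    for token, record in submissions:
        if token in latest:
            discarded += 1
        latest[token] = record
    return latest, discarded


# Constructed sample: token "aa..." is submitted three times (e.g. the
# 300.statistics script run by hand); only the last entry should survive.
SAMPLE_SUBMISSIONS = [
    ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {"host": "host-a", "run": 1}),
    ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", {"host": "host-b", "run": 1}),
    ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {"host": "host-a", "run": 2}),
    ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {"host": "host-a", "run": 3}),
]

if __name__ == "__main__":
    print(f"p(dup) 16B={P_16_BYTES:.3g} 32B={P_32_BYTES:.3g} weak={P_WEAK_RNG:.3f}")
    print(keep_last_per_token(SAMPLE_SUBMISSIONS))
```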
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?451CBF41.1010208>