[RFC] Support for /dev/urandom in kdelibs

Michael Buesch mbuesch at freenet.de
Sun Dec 26 20:36:21 GMT 2004


Quoting Albert Astals Cid <astals11 at terra.es>:
> KApplication::random() code seems to use /dev/urandom

Ok, I see. But it's for "int" only,
and KApplication::randomString() is for QString only.
My idea was to standardize all random sequence generation in KDE,
so that we can deprecate KApplication::random(), KApplication::randomString()
and KRandomSequence and have it all in one central and easy-to-use class.


BTW, the code of KApplication::random() looks a little bit strange to me.
The comments in the following source snippet are mine.

int KApplication::random()
{
   static int init = false;
//        ^^^ Why not bool?
   if (!init)
   {
      unsigned int seed;
      init = true;
      int fd = open("/dev/urandom", O_RDONLY);
// Why only read the seed from /dev/urandom and not directly
// the random data itself?
      if (fd <= 0 || ::read(fd, &seed, sizeof(seed)) != sizeof(seed))
// fd == 0 is not an invalid fd.
// glibc doc: "In the case of an error, a value of -1 is returned instead."
// So this should be  if (fd == -1
// Another aspect is that we execute the ::read in every case, whether we have
// a valid fd or not. This is unclean.
      {
            srand(getpid());
            seed = rand()+time(0);
      }
      if (fd >= 0) close(fd);
// should be  if (fd != -1)
// The glibc documentation does not say that negative fds other than
// -1 are invalid. So -34 may be a perfectly fine fd.
      srand(seed);
   }
   return rand();
}


> Albert
> 
> A Diumenge 26 Desembre 2004 13:49, Michael Buesch va escriure:
> > Hi,
> >
> > Is there a possibility to get support for a cryptographically strong
> > randomizer into the kdelibs for KDE-4?
> > If I did not miss something, there is only KRandomSequence which
> > generates random values based on a seed.
> >
> > What about something like the following class:
> > http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomizer.h?rev=1.2&view=markup
> > http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomizer.cpp?rev=1.2&view=markup
> >
> > I use this class in my program PwManager.
> > It probes for the availability of strong randomizers in the
> > system. In the unlikely case that there is neither /dev/urandom,
> > /dev/random nor a running EGD, it falls back to the stdlib randomizer.
> > (Yes, there is room for improvement at the stdlib rand() fallback.
> > It's not reentrant yet and it's very bad).
> >
> > Usage of the class is as follows:
> >
> > int foo;
> > Randomizer rnd;
> > rnd >> foo;
> > // foo has a random value now.
> >
> > [SNIP]
> >
> > QByteArray foo(666);
> > Randomizer rnd;
> > rnd >> foo;
> > // foo is a QByteArray with 666 random bytes.
> >
> > [SNIP]
> >
> > char foo[123];
> > Randomizer rnd;
> > rnd.nextSize(sizeof(foo));
> > rnd >> foo;
> > // foo is a char array with sizeof(foo) == 123 random bytes.
> 
> 

-- 
Regards Michael Buesch  [ http://www.tuxsoft.de.vu ]
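
Added example, not part of the original message and not kdelibs or PwManager code: one way to take the random data directly from /dev/urandom rather than only a seed for rand(), testing open() against -1 and retrying short or interrupted reads. The names readUrandom and randomInt are hypothetical.

```cpp
// Added example; readUrandom() and randomInt() are hypothetical helpers.
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <fcntl.h>
#include <unistd.h>

// Fill buf with len bytes read directly from /dev/urandom.
// Returns true only if every byte was filled; the caller handles failure.
bool readUrandom(void *buf, size_t len)
{
    int fd = ::open("/dev/urandom", O_RDONLY);
    if (fd == -1)   // open() reports failure as -1; 0 is a valid descriptor
        return false;

    unsigned char *p = static_cast<unsigned char *>(buf);
    size_t done = 0;
    bool ok = true;
    while (done < len) {
        ssize_t n = ::read(fd, p + done, len - done);
        if (n > 0) {
            done += static_cast<size_t>(n);   // short read: keep going
        } else if (n == -1 && errno == EINTR) {
            continue;                          // interrupted by a signal: retry
        } else {
            ok = false;                        // read error or unexpected EOF
            break;
        }
    }
    ::close(fd);    // fd is known to be valid here, so close unconditionally
    return ok;
}

// Draw an int straight from the kernel instead of seeding rand() with it.
bool randomInt(int &out)
{
    return readUrandom(&out, sizeof(out));
}

int main()
{
    int v;
    if (!randomInt(v)) { std::fputs("no /dev/urandom\n", stderr); return 1; }
    std::printf("%d\n", v);
    return 0;
}
```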

