[RFC] Support for /dev/urandom in kdelibs

Sun Dec 26 20:45:58 GMT 2004

Quoting Michael Buesch <mbuesch at freenet.de>:
> Quoting Albert Astals Cid <astals11 at terra.es>:
> > KApplication::random() code seems to use /dev/urandom
> 
> Ok, I see. But it's for "int" only.
> and KApplication::randomString() is for QString only.
> My idea was to standardize all random sequence generation in KDE.
> So that we can deprecate KApplication::random(), KApplication::randomString()
> and KRandomSequence and have it all in one central and easy to use class.
> 
> 
> BTW, the code of KApplication::random() looks a little bit strange to me.
> The comments in the following source snippet are mine.
> 
> int KApplication::random()
> {
>    static int init = false;
> //        ^^^ Why not bool?
>    if (!init)
>    {
>       unsigned int seed;
>       init = true;
>       int fd = open("/dev/urandom", O_RDONLY);
> // Why only read the seed from /dev/urandom and not directly
> // the random data itself?
>       if (fd <= 0 || ::read(fd, &seed, sizeof(seed)) != sizeof(seed))
> // fd == 0 is not an invalid fd.
> // glibc doc: "In the case of an error, a value of -1 is returned instead."
> // So this should be  if (fd == -1
> // Another aspect is, that we execute the ::read in every case, if we have
> // a valid fd or not. This is unclean.
>       {
>             srand(getpid());
>             seed = rand()+time(0);
>       }
>       if (fd >= 0) close(fd);
> // should be  if (fd != -1)
> // glibc docu does not say that negative fds other than
> // -1 are invalid. So -34 may be a perfectly fine fd.

ok, that part is wrong. ;)
So this  if (fd >= 0)  is ok.
But the above is still valid.

>       srand(seed);
>    }
>    return rand();
> }
> 
> 
> > Albert
> > 
> > A Diumenge 26 Desembre 2004 13:49, Michael Buesch va escriure:
> > > Hi,
> > >
> > > Is there a possibility to get support for a cryptographically strong
> > > randomizer into the kdelibs for KDE-4?
> > > If I did not miss something, there is only KRandomSequence which
> > > generates random values based on a seed.
> > >
> > > What about something like the following class:
> > > http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomi
> > >zer.h?rev=1.2&view=markup
> > > http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomi
> > >zer.cpp?rev=1.2&view=markup
> > >
> > > I use this class in my program PwManager.
> > > It probes for the availability of strong randomizers in the
> > > system. In the unlikely case that there is neither /dev/urandom,
> > > /dev/random nor a running EGD, it falls back to the stdlib randomizer.
> > > (Yes, there is room for improvement at the stdlib rand() fallback.
> > > It's not reentrant yet and it's very bad).
> > >
> > > Usage of the class is as follows:
> > >
> > > int foo;
> > > Randomizer rnd;
> > > rnd >> foo;
> > > // foo has a random value now.
> > >
> > > [SNIP]
> > >
> > > QByteArray foo(666);
> > > Randomizer rnd;
> > > rnd >> foo;
> > > // foo is a QByteArray with 666 random bytes.
> > >
> > > [SNIP]
> > >
> > > char foo[123];
> > > Randomizer rnd;
> > > rnd.nextSize(sizeof(foo));
> > > rnd >> foo;
> > > // foo is a char array with sizeof(foo) == 123 random bytes.
> > 
> > 
> 

-- 
Regards Michael Buesch  [ http://www.tuxsoft.de.vu ]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20041226/8290c957/attachment.sig>