[Popcon-developers] Bug#854712: popularity-contest.postinst is doing silly things with /dev/urandom
sacrificial-spam-address at sciencehorizons.net
sacrificial-spam-address at sciencehorizons.net
Thu Feb 9 18:23:26 UTC 2017
Package: popularity-contest
Version: 1.64
generate_id() {
if which uuidgen >/dev/null 2>&1; then
MY_HOSTID=`uuidgen | tr -d -`
else
MY_HOSTID=`dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | sed 's/ -//'''`
fi
}
A few notes:
1) You do not need, and should not use, 1 kilobyte of entropy to generate
a 16-byte random number. You should use 128 bits of seed material,
not 8192!
2) If you want a random uuid, then /proc/sys/kernel/random/uuid will
provide one for you, just like uuidgen.
3) There's no need to hash the output of /dev/urandom. Simpler would be
to just use "od -x -An -N16 /dev/urandom". (od and md5sum are both
in coreutils.)
I'd suggest:
if which uuidgen >/dev/null 2>&1; then
MY_HOSTID=`uuidgen -r | tr -d -`
else if test -r /proc/sys/kernel/random/uuid; then
MY_HOSTID=`tr -d - < /proc/sys/kernel/random/uuid`
else
MY_HOSTID=`od -x -An -N16 /dev/urandom | tr -d ' '`
fi
More information about the Popcon-developers
mailing list