ice icon indicating copy to clipboard operation
ice copied to clipboard
verified publisher icon zeroc-ice

Research /dev/urandom concurrent access

Open bernardnormier opened this issue 7 years ago • 0 comments

We currently assume that concurrent reads of /dev/urandom can return the same bytes, which was true years ago but may not longer be true today.

As a result, we synchronize reads to /dev/urandom (within the same process): https://github.com/zeroc-ice/ice/blob/v3.7.1/cpp/src/IceUtil/Random.cpp#L31

and also replace 15 random bits in UUIDs by our PID, resulting in only 122 - 15 = 107 random bits, see: https://github.com/zeroc-ice/ice/blob/v3.7.1/cpp/src/IceUtil/UUID.cpp#L131

We could possibly use instead a C++ Random Number Engine: http://en.cppreference.com/w/cpp/numeric/random

ICE-8843

bernardnormier avatar Apr 27 '18 13:04 bernardnormier