Subject: Re: CVS commit: src/sbin/newfs
To: Perry E. Metzger <email@example.com>
From: David Laight <firstname.lastname@example.org>
Date: 09/04/2003 16:39:34
> > Log Message:
> > Randomise di_igen for the first 2 blocks of inodes for non-UFS2 filesystems.
> > Randomise di_igen for "/" (and lost+found) for UFS2 filesystems.
> Am I correct in stating you are using random() for this!? random() is
> not even remotely secure enough for a security critical purpose. Its a
> linear congruential generator, and not even a good one.
I'm just a bug-fixing monkey here...
However fsirand only uses random() anyway, but does remember to do srandom()
for what actual good it does!
Maybe arc4random() could be used instead?
David Laight: email@example.com