Subject: Re: CVS commit: src/sbin/newfs
To: Perry E. Metzger <perry@piermont.com>
From: David Laight <david@l8s.co.uk>
List: source-changes
Date: 09/04/2003 16:39:34
> > Log Message:
> > Randomise di_igen for the first 2 blocks of inodes for non-UFS2 filesystems.
> > Randomise di_igen for "/" (and lost+found) for UFS2 filesystems.
> 
> Am I correct in stating you are using random() for this!? random() is
> not even remotely secure enough for a security critical purpose. Its a
> linear congruential generator, and not even a good one.

I'm just a bug-fixing monkey here...
However fsirand only uses random() anyway, but does remember to do srandom()
for what actual good it does!

Maybe arc4random() could be used instead?

	David

-- 
David Laight: david@l8s.co.uk