On 07.12.2017 02:59, Thorsten Behrens wrote:
Hi Stephan, dear fellow hackers,
there's a chunk of places in the code, where (cargo-culted?) a random
pool gets fed with current system time, presumably to seed it with
enough entropy:
TimeValue aTime;
osl_getSystemTime( &aTime );
rtlRandomPool aRandomPool = rtl_random_createPool ();
rtl_random_addBytes ( aRandomPool, &aTime, 8 );
Then again, initPool() in sal/rtl/random.cxx already does the same, so
that really looks redundant?
yes, definitely.
tbh i'd want to remove initPool, which is just a fallback path, as well
and just abort if osl_get_system_random_data fails; if you don't have
/dev/urandom you can always fall back on the standard text editor ed(1).
--
DDJ: You've mentioned Edsger Dijkstra. What do you think of his work?
DK: His great strength is that he is uncompromising. It would make
him physically ill to think of programming in C++.
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.