[BusyBox 0001606]: zcip random number seeding too predictable

bugs at busybox.net bugs at busybox.net
Sun Nov 25 04:54:41 PST 2007 

The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=1606 
====================================================================== 
Reported By:                icl
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   1606
Category:                   Networking Support
Reproducibility:            sometimes
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             11-25-2007 00:09 PST
Last Modified:              11-25-2007 04:54 PST
====================================================================== 
Summary:                    zcip random number seeding too predictable
Description: 
Due to a recent change, the random number in zcip is being seeded with the
first 4 bytes of the ethernet address (previously, srand48 was being used,
and the full ethernet address was used to seed the random number
generator).

Now, the first 3 bytes of an ethernet address is the vendor ID, and the
last 3 ones are typically assigned sequentially by the manufacturer.

So if busybox zcip is being used on multiple identical devices on the same
network, the chance of the first 4 bytes of the mac address being identical
is actually quite high.

Suggest to use the last 4 bytes instead (while still not as good as using
all 6 bytes, it certainly is much better than the current approach).

Note that for alignment reasons, this means that some byte or uint16
copying will be necessary, but the performance impact of this is
negligable, as it is just required once at zcip startup.
====================================================================== 

---------------------------------------------------------------------- 
 vda - 11-25-07 04:54  
---------------------------------------------------------------------- 
Fixed in svn, thanks for the report. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-25-07 00:09  icl            New Issue                                    
11-25-07 00:09  icl            Status                   new => assigned     
11-25-07 00:09  icl            Assigned To               => BusyBox         
11-25-07 04:54  vda            Status                   assigned => closed  
11-25-07 04:54  vda            Note Added: 0002959                          
======================================================================

More information about the busybox-cvs mailing list