BSDStats v4.0: Attempt to address some major issues ...

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Sep 28 23:38:27 PDT 2006


Marc G. Fournier wrote:

> I've increased the size of the IDTOKEN to 32 from 16, since I've been
> noticing a lot of duplicates when two hosts submit at close to the same
> time ...

Ummm... that's actually really bad.  That means that the RNG used by OpenSSL
(hence SSH and others) is not actually producing anything like a proper
random sequence for a lot of people.  Hence all sorts of crypto handled by
those machines is potentially vulnerable to attack.  If this is the case,
going from 16 to 32 bytes of random token won't actually help at all.

On the other hand, the duplicates could be the result of people deliberately
trying to frig the statistics or just innocently running the 300.statistics
script manually several times.  In either case, entries with duplicate tokens
should be discarded -- I guess you'd always want to keep just the last entry
for any token.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
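The two claims above (that a 16-byte token drawn from a working CSPRNG should essentially never collide, so lengthening it to 32 bytes buys nothing if the generator is broken, and that the server should simply keep the last entry per token) can be checked numerically. The following is an added example, not code from the post, from BSDStats or from its 300.statistics script. The `weak_token` generator is a hypothetical model of a broken RNG seeded only from wall-clock seconds; the submission records are constructed sample data.

```python
import math
import random
import secrets


def collision_probability(token_bytes: int, submissions: int) -> float:
    """Birthday-bound probability that at least two of `submissions` tokens,
    each drawn uniformly from 2**(8*token_bytes) values, coincide:
    p = 1 - exp(-n(n-1) / (2N)).  expm1 keeps precision for tiny p."""
    space = 2 ** (8 * token_bytes)
    n = submissions
    return -math.expm1(-n * (n - 1) / (2 * space))


def good_token(nbytes: int = 16) -> str:
    """Token from the OS CSPRNG; collisions are governed by the birthday
    bound computed above, i.e. negligible for any realistic host count."""
    return secrets.token_hex(nbytes)


def weak_token(seed_seconds: int, nbytes: int = 16) -> str:
    """Hypothetical broken generator (assumption for illustration, not the
    BSDStats code): seeded only from the wall-clock second.  Two hosts that
    submit in the same second get byte-for-byte identical tokens, and
    doubling nbytes does not change that."""
    rng = random.Random(seed_seconds)
    return rng.getrandbits(8 * nbytes).to_bytes(nbytes, "big").hex()


def dedupe_keep_last(submissions):
    """Given (idtoken, record) pairs in arrival order, keep only the last
    record seen for each token, ordered by that last appearance.  This is
    the 'discard duplicates, keep the latest' policy suggested above."""
    latest = {}
    for token, record in submissions:
        latest.pop(token, None)   # forget earlier position for this token
        latest[token] = record
    return list(latest.items())


if __name__ == "__main__":
    for size in (16, 32):
        p = collision_probability(size, 10_000)
        print(f"{size}-byte tokens, 10000 hosts: P(collision) ~ {p:.3e}")

    # Two hosts submitting in the same second with the weak generator.
    same_second = 1_159_490_307          # constructed timestamp
    print("weak 16-byte tokens equal:", weak_token(same_second, 16) == weak_token(same_second, 16))
    print("weak 32-byte tokens equal:", weak_token(same_second, 32) == weak_token(same_second, 32))
    print("CSPRNG tokens equal:      ", good_token() == good_token())

    # Constructed submission log: token 'aaaa' was submitted twice.
    log = [("aaaa", {"os": "FreeBSD 6.1"}),
           ("bbbb", {"os": "FreeBSD 6.1"}),
           ("aaaa", {"os": "FreeBSD 6.2"})]
    print(dedupe_keep_last(log))
```

The birthday numbers make the point in the post concrete: with 16-byte tokens and ten thousand hosts the chance of an honest collision is on the order of 10^-31, so any observed duplicate is far more plausibly a repeated submission or a generator that is not random, and in the latter case 32 bytes from the same generator collide just as readily.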
