Forum

Warning random() isn't random; consider using arc4random()

Heiko

27 September 2014, 22:28

Hi Hugo,

how can I fix this:

Linking C executable hiawatha
CMakeFiles/hiawatha.dir/src/send.c.o(.text+0x8b4): In function `send_digest_auth':
/root/hiawatha-9.8/src/send.c:749: warning: random() isn't random; consider using arc4random()
CMakeFiles/hiawatha.dir/src/send.c.o(.text+0x1438): In function `send_header':
/root/hiawatha-9.8/src/send.c:381: warning: rand() isn't random; consider using arc4random()

Linking C executable wigwam
CMakeFiles/wigwam.dir/src/wigwam.c.o(.text+0x3b0): In function `create_basic_password':
/root/hiawatha-9.8/src/wigwam.c:845: warning: srand() seed choices are invariably poor

Thank you.
Heiko

Hiawatha version: 9.8
Operating System: OpenBSD 5.6 current amd64

Hugo Leisink

28 September 2014, 10:21

Although rand() is considered less secure than arc4random(), the usage as mentioned above can't harm the security of Hiawatha. You can ignore the warnings.

Heiko

28 September 2014, 18:44

Thanks Hugo.

BTW
If somebody is interessted in arc4random:
http://www.openbsd.org/papers/eurobsdcon2014_arc4random/mgp00001.html

Hugo Leisink

28 September 2014, 21:00

External image via http://www.formcode.com/design-detroit/wp-content/uploads/2012/08/memethequeen.png

This topic has been closed.

Back