Nmap Development mailing list archives
Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets
From: jah <jah () zadkiel plus com>
Date: Thu, 24 Apr 2008 03:45:55 +0100
On 24/04/2008 02:54, Brandon Enright wrote:
The problem here is that the rng is being seeded with time every time it is called. Time is pretty biased and will generate a collision which will create a cycle in the prng (calls to rand()).
So this probably explains why I didn't see the issue whilst stepping through the code as much time passes between seedings whereas in realtime, it's probably only microseconds.
The solution to this is to drop the re-seeding code starting at line 184 of nbase/nbase_rng.cc (it is redundant and done in main.cc).
142 of nbase_rnd.c you mean? If so, patch attached. I've taken the liberty of removing the badrandomwarning stuff too - Kris K has already submitted a patch for this entire issue... http://seclists.org/nmap-dev/2006/q3/0240.html So, nice work Brandon and, retrospectively, to Kris! regards, jah
--- nbase_rnd.c.orig Mon Mar 3 15:21:50 2008 +++ nbase_rnd.c Thu Apr 24 03:24:49 2008 @@ -109,11 +109,9 @@ int get_random_bytes(void *buf, int numbytes) { static char bytebuf[2048]; - static char badrandomwarning = 0; static int bytesleft = 0; int tmp; int res; - struct timeval tv; FILE *fp = NULL; unsigned int i; short *iptr; @@ -134,15 +132,6 @@ bytesleft = sizeof(bytebuf); } if (!fp) { - if (badrandomwarning == 0) { - badrandomwarning++; - /* error("WARNING: your system apparently does not offer /dev/urandom or /dev/random. Reverting to less secure version."); */ - - /* Seed our random generator */ - gettimeofday(&tv, NULL); - srand((tv.tv_sec ^ tv.tv_usec) ^ getpid()); - } - for(i=0; i < sizeof(bytebuf) / sizeof(short); i++) { iptr = (short *) ((char *)bytebuf + i * sizeof(short)); *iptr = rand();
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [Bug]? -iR <num_hosts> on windows XP generates duplicate targets jah (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets jah (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (Apr 23)
- RE: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Thomas Buchanan (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets jah (Apr 24)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (Apr 30)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets jah (Apr 30)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets David Fifield (Apr 30)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (Apr 30)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Kris Katterjohn (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (Apr 23)