[Git][NTPsec/ntpsec][master] 2 commits: ntpkeygen: The seed argument to random.SystemRandom() is ignored

Gary E. Miller gitlab at mg.gitlab.com
Tue Jan 17 03:30:56 UTC 2017

Gary E. Miller pushed to branch master at NTPsec / ntpsec

664819d9 by Rubin, Greg at 2017-01-16T19:24:46-08:00
ntpkeygen: The seed argument to random.SystemRandom() is ignored

Misleading to use an unused parameter

Signed-off-by: Gary E. Miller <gem at rellim.com>

- - - - -
ecd876b1 by Gary E. Miller at 2017-01-16T19:30:17-08:00
ntpkeygen: remove incorrect info from man page.

- - - - -

2 changed files:

- docs/includes/ntpkeygen-body.txt
- ntpclients/ntpkeygen


--- a/docs/includes/ntpkeygen-body.txt
+++ b/docs/includes/ntpkeygen-body.txt
@@ -88,9 +88,10 @@ predictable. Various means dependent on external events, such as
 keystroke intervals, can be used to do this and some systems have
 built-in entropy sources.
-This implementation uses Python's PRNG, seeded with a combination
-of the system time and the current process ID.  The core of this
-is based on the Mersenne Twister, with a period of 2^19937^-1.
+This implementation uses Python's random module.  The function used
+calls the underlying OS's urandom syscall.  The security of the 
+module is improved in
+https://docs.python.org/library/os.html#os.urandom[Python 3.5+].
 == Cryptographic Data Files ==

--- a/ntpclients/ntpkeygen
+++ b/ntpclients/ntpkeygen
@@ -88,7 +88,9 @@ if __name__ == '__main__':
             print("usage: ntpkeygen [-M]")
             raise SystemExit(0)
-    randomizer = random.SystemRandom(time.time() + os.getpid())
+    # The seed is ignored by random.SystemRandom, 
+    # even though the docs does not say so.
+    randomizer = random.SystemRandom()
     gen_md5("md5", socket.gethostname())
     raise SystemExit(0)

View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e441a593be93b9f8851e11253a8fd5604ca1295b...ecd876b151d6e5b1064aedd0101171c1c2a8bd19
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170117/e8709e1b/attachment.html>

More information about the vc mailing list