On 24/04/2008 02:54, Brandon Enright wrote:
> The problem here is that the rng is being seeded with time every time it
> is called. Time is pretty biased and will generate a collision which
> will create a cycle in the prng (calls to rand()).

So this probably explains why I didn't see the issue whilst stepping
through the code as much time passes between seedings whereas in
real time, it's probably only microseconds.

> The solution to this is to drop the re-seeding code starting at line
> 184 of nbase/nbase_rng.cc (it is redundant and done in main.cc).

142 of nbase_rnd.c you mean? If so, patch attached. I've taken the
liberty of removing the badrandomwarning stuff too - Kris K has already
submitted a patch for this entire issue...
http://seclists.org/nmap-dev/2006/q3/0240.html

So, nice work Brandon and, retrospectively, to Kris!

regards,
jah
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Apr 23 2008
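
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not Nmap's code: reseeding from the clock before every rand() call yields the same value for every call made within one clock tick, while seeding once at startup does not. `fake_clock`, `clock_now` and the function names are hypothetical, and the clock value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the clock: a burst of calls made within the
 * same timer tick all observe the same value (constructed sample input). */
static unsigned int fake_clock = 1208919240u;
static unsigned int clock_now(void) { return fake_clock; }

/* Defect described in the thread: reseed from the clock on every call. */
static int rand_reseed_each_call(void) {
    srand(clock_now());
    return rand();
}

/* Fix described in the thread: seed once at startup, then only call rand(). */
static void seed_once(void) { srand(clock_now()); }
static int rand_seeded_once(void) { return rand(); }

static int cmp_int(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Draw n values (n <= 1024) from gen and count how many are distinct. */
static int count_distinct(int (*gen)(void), int n) {
    int buf[1024], i, distinct = 0;
    if (n > 1024) n = 1024;
    for (i = 0; i < n; i++) buf[i] = gen();
    qsort(buf, (size_t)n, sizeof buf[0], cmp_int);
    for (i = 0; i < n; i++)
        if (i == 0 || buf[i] != buf[i - 1]) distinct++;
    return distinct;
}

int main(void) {
    int bad = count_distinct(rand_reseed_each_call, 1000);
    seed_once();
    int good = count_distinct(rand_seeded_once, 1000);
    printf("reseed on every call: %d distinct of 1000\n", bad);
    printf("seeded once:          %d distinct of 1000\n", good);
    return 0;
}
```

Stepping through the reseeding variant in a debugger lets the real clock advance between calls, which is why the repetition only shows up at full speed.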