Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: PRNG benchmark results and proposal
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 5 May 2008 04:18:22 +0000

Hash: SHA1

On Sun, 4 May 2008 18:19:49 -0700 or thereabouts Fyodor
<fyodor () insecure org> wrote:

On Mon, May 05, 2008 at 12:45:05AM +0000, Brandon Enright wrote:

So, I propose we change all random number generation to use DNet's
PRNG at all times.  It is fast, portable C, already included in
Nmap, and quite a bit higher quality than we actually /need/.

Thanks for benchmarking.  Sounds good to me!

I'd like someone to weigh in on BSD/GPL licensing conflicts before I
proceed to either use rand.c or re-write rand.c for nbase_rnd.

I believe the BSD/GPL licensing conflict involves traditional BSD with
advertising clause.  Libdnet doesn't have that clause (see
nmap/libdnet-stripped/LICENSE).  So code from dnet's rand.c can be
used.  Of course the rand.c authors need to be credited in the code
(even if it is rewritten).

So I'm not opposed to rewriting the code if it is short, but we don't
have to either.


Okay, attached is the patch to move (with re-write) dnet's rand.c
routine into nbase_rnd.c

The re-write ended up going pretty smoothly and I was able to adapt the
dnet rand API to better fit into the nbase API.  I decided to eliminate
the malloc/free state struct design in favor of using a static struct.
Nmap doesn't need multiple RNG states so this ends up being cleaner.

I've tested this patch on Linux x86 and Linux x86_64.  I'd like it if
someone more familiar with other OSes (like Windows) give the patch a

Note that although this patch dramatically speeds up the random
number generation, generating random IPs with -iR isn't speed up much
because most of the time is spent in other routines.  Nmap should
probably be profiled while using -iR; there are likely to be some big
and easy gains in the other routines involved.

Once I get the thumbs up, I'll check this patch in and remove
dnet/rand.c  I'll also go through the rest of Nmap's code and
transition all rand() calls over to use the nbase_rnd API.


Version: GnuPG v2.0.9 (GNU/Linux)


Attachment: nmap_rand.diff

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]