Marcus Brinkmann writes:
> On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > > I can't believe he actually intends to keep it like this..
> >
> > I'm going to #define DEV_RANDOM /dev/random for Linux systems.
>
> That's bad, because that will drain the entropy a lot, and it might
> block for a long time, and that for no good reason as I don't think the
> magic cookie needs strong cryptographical security (for comparison: The
> secret key of a public key cryptography key pair should be created using
> /dev/random, while for session keys /dev/urandom is good enough).
Here is how I create the magic cookie in my ~/.xserverrc shell script,
cookie ()
{
dd if=/dev/urandom 2>/dev/null bs=16 count=1 | od -x | awk ' NR==1 {
print $2 $3 $4 $5 $6 $7 $8 $9 } '
}
e.g.,
$ cookie
a0de8e57919780bbc5ff16e66e1af2a9
and I use it in .xserverrc like this,
mcookie=`cookie`
# Add this cookie to the X server auth file.
xauth -f "${auth}" \
-v add "0.0.0.0:${xdpnum}" "${access}" "${mcookie}"
# Add necessary new display entries to .Xauthority file.
xauth -v add "${eth0}:${xdpnum}" "${access}" "${mcookie}"
xauth -v add "${host}:${xdpnum}" "${access}" "${mcookie}"
xauth -v add "${host}/unix:${xdpnum}" "${access}" "${mcookie}"
Why does anyone need to read megabytes of urandom? If it really
is random, then 16 bytes should be enough.
--
Jeff Sheinberg
