On Mon, May 25, 2020 at 09:05:21AM -0400, Remco Rijnders wrote:
On Sun, May 24, 2020 at 06:49:03PM -0700, Kevin wrote in
<20200525014903.ga1...@afu.lan>:
+ z1 = ((u_int32_t) tv.tv_sec << 20) | tv.tv_usec;
+ z2 = getpid();
+ z3 = getppid();
+ z4 = (intptr_t) &z4;
+}
Comments on the seed choices would be quite welcome. This first three
seem okay to me, but the fourth choice is probably a bit weak. I
don't know that it will vary much.
Well, the idea for z4 is really to pick another seed than any other
user running mutt on the same system would have.
every process gets its own address space, so it will be the same in each
process, unless the system has ASLR enabled (i have no idea what
percentage of systems enable user space ASLR).
why not do something proper and use getentropy() instead?
(the fallback on older/non-linux/-openbsd systems would be trying to
open /dev/urandom and /dev/random in turn, and only then falling back to
weak sources like above. the device access attempts can be skipped, as
this is about low-stakes randomness so far.)
