On Tue, Apr 21, 2026 at 06:13:44PM +0800, Kevin J. McCarthy wrote:
> On Tue, Apr 21, 2026 at 09:40:37AM +0200, Werner Koch wrote:
> > I see no attack here. However, mutt_random_bytes is also used to
> > construct message ids. I would suggest to make them less predictable.
> > But do not use new crypto algorithms for that. All systems come with
> > proper random number generators these days. Something like
> >
> > /* Create an unpredictable nonce of LENGTH bytes in BUFFER. */
> > void gcry_create_nonce (void *buffer, size_t length);
> >
> > if you anyway link to Libgcrypt, or use the respective functions from
> > the other crypto libs.
>
> Thank you Werner and Greg KH! (I'll just reply to you both here)
>
> Something like gcry_create_nonce() sounds perfect. Unfortunately we
> don't link to Libgcrypt.
>
> Perhaps, as Greg KH suggested, we could try checking for getrandom(), and
> then arc4random_buf(), and if both are missing I guess fall back to what
> we have now?

I would recommend that. I would hope that most modern systems have
getrandom() by now.

thanks,

greg k-h
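An added example, not code from the mutt project or from anyone in the thread: the probe order Kevin proposes (getrandom(), then arc4random_buf(), then a fallback) written as a replacement for mutt_random_bytes, plus a small Message-ID token generator built on it. The HAVE_GETRANDOM and HAVE_ARC4RANDOM_BUF macros are assumed to come from a configure check; when they are not defined the block guesses them from the platform so it builds stand-alone. The last-resort fallback reads /dev/urandom, which is an assumption here, since the thread does not show what mutt's current fallback looks like. The getrandom() loop retries on EINTR and on short reads so a partially filled buffer is never reported as success, which is the property a Message-ID generator needs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* HAVE_GETRANDOM / HAVE_ARC4RANDOM_BUF are assumed to be set by configure
 * (e.g. AC_CHECK_FUNCS); they are guessed from the platform here only so that
 * this example compiles on its own. */
#if !defined(HAVE_GETRANDOM) && defined(__linux__) && defined(__has_include)
# if __has_include(<sys/random.h>)
#  define HAVE_GETRANDOM 1
# endif
#endif
#if !defined(HAVE_GETRANDOM) && !defined(HAVE_ARC4RANDOM_BUF) && \
    (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__))
# define HAVE_ARC4RANDOM_BUF 1
#endif

#ifdef HAVE_GETRANDOM
# include <sys/random.h>
#endif

/* Which backend this build selected, for logging and for the test. */
const char *random_backend_name(void)
{
#if defined(HAVE_GETRANDOM)
  return "getrandom";
#elif defined(HAVE_ARC4RANDOM_BUF)
  return "arc4random_buf";
#else
  return "/dev/urandom";   /* assumed fallback, see lead-in */
#endif
}

/* Fill BUF with LEN unpredictable bytes from the OS generator.
 * Returns 0 on success, -1 on failure with errno set. A short fill is never
 * reported as success. */
int mutt_random_bytes_example(void *buf, size_t len)
{
  unsigned char *p = buf;
#if defined(HAVE_GETRANDOM)
  while (len > 0) {
    /* flags == 0: blocks only until the kernel pool has been seeded once */
    ssize_t n = getrandom(p, len, 0);
    if (n < 0) {
      if (errno == EINTR)
        continue;            /* interrupted by a signal: retry */
      return -1;
    }
    p += n;                  /* short read: keep going for the remainder */
    len -= (size_t)n;
  }
  return 0;
#elif defined(HAVE_ARC4RANDOM_BUF)
  arc4random_buf(p, len);    /* cannot fail on the BSDs / macOS */
  return 0;
#else
  FILE *f = fopen("/dev/urandom", "rb");
  if (!f)
    return -1;
  size_t got = fread(p, 1, len, f);
  fclose(f);
  if (got != len) {
    errno = EIO;
    return -1;
  }
  return 0;
#endif
}

/* Hex-encode 16 random bytes into OUT for use as the unpredictable part of a
 * Message-ID. OUTLEN must be at least 33 (32 hex digits plus NUL). */
int random_message_id_token(char *out, size_t outlen)
{
  unsigned char raw[16];
  static const char hex[] = "0123456789abcdef";
  size_t i;

  if (outlen < 2 * sizeof raw + 1) {
    errno = EINVAL;
    return -1;
  }
  if (mutt_random_bytes_example(raw, sizeof raw) != 0)
    return -1;
  for (i = 0; i < sizeof raw; i++) {
    out[2 * i]     = hex[raw[i] >> 4];
    out[2 * i + 1] = hex[raw[i] & 0x0f];
  }
  out[2 * sizeof raw] = '\0';
  return 0;
}

int main(void)
{
  char tok[33];
  if (random_message_id_token(tok, sizeof tok) != 0) {
    perror("random bytes");
    return 1;
  }
  printf("backend=%s token=%s\n", random_backend_name(), tok);
  return 0;
}
```

The compile-time chain mirrors what a configure test would give a build: a system with getrandom() never touches the fallback, and a build that ends up on the fallback path is visible in the backend name, which is worth logging once at startup so a misconfigured build does not silently produce weaker Message-IDs.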
