BSDStats v4.0: Attempt to address some major issues ...

Matthew Seaman m.seaman at
Thu Sep 28 23:38:27 PDT 2006

Marc G. Fournier wrote:

> I've increased the size of the IDTOKEN to 32 from 16, since I've been
> noticing alot of duplicates when two hosts submit at close to the same
> time ...

Ummm... that's actually really bad.  That means that the RNG used by OpenSSL
(hence SSH and others) is not actually producing anything like a proper
random sequence for a lot of people.  Hence all sorts of crypto handled by
those machines is potentially vulnerable to attack.  If this is the case,
going from 16 to 32 bytes of random token won't actually help at all.

On the other hand, the duplicates could be the result of people deliberately
trying to frig the statistics or just innocently running the 300.statistics
script manually several times.  In either case, entries with duplicate tokens
should be discarded -- I guess you'ld always want to keep just the last entry
for any token.



Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP:         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list