[icinga-devel] Unnecessary randomness from /dev/urandom in icinga-nrpe?

Jann Horn jannhorn at googlemail.com
Sat Feb 12 15:46:44 CET 2011


Hello,
in both parts of NRPE, the buffer for the packet first gets wiped with
zeroes and then gets overwritten with random numbers. A comment suggests
that it's used to make it harder to distinguish between actual data and
the empty space, but what I don't understand is this:
You can either use SSL or not. If you don't use it, the data is
unencrypted anyway and everyone can read it, right? And if you activate
SSL, an attacker shouldn't be able to recognize such stuff anyway,
right? I think that it has to be a very bad encryption if many zeroes
would be encrypted to a repeating pattern or so.
Therefore, I propose to throw out that randomness.

Note: Don't rely on this patch - it compiles, but as I don't have a test
installation here to test it, I am not sure that it will work.

Jann Horn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-removed-random-data-from-network-packets.patch
Type: application/mbox
Size: 3167 bytes
Desc: not available
URL: <http://lists.icinga.org/pipermail/icinga-devel/attachments/20110212/bfc63a8c/attachment.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://lists.icinga.org/pipermail/icinga-devel/attachments/20110212/bfc63a8c/attachment.sig>
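
The buffer handling described in the message above, as an added example that is not part of the original post and is not NRPE's own code: both fill variants, plus what anyone reading an unencrypted buffer can recover from it. BUF_LEN, the function names and the NUL-terminated payload are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 1024 /* assumed buffer size for this sketch */

/* Copy the payload to the start of the buffer and NUL-terminate it. */
static void place_payload(unsigned char *buf, const char *msg) {
    size_t n = strlen(msg);
    if (n >= BUF_LEN)
        n = BUF_LEN - 1;
    memcpy(buf, msg, n);
    buf[n] = '\0';
}

/* Pattern from the post: zero, overwrite with /dev/urandom, add payload. */
int fill_randomized(unsigned char *buf, const char *msg) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (f == NULL)
        return -1;
    memset(buf, 0, BUF_LEN);
    got = fread(buf, 1, BUF_LEN, f);
    fclose(f);
    if (got != BUF_LEN)
        return -1;
    place_payload(buf, msg);
    return 0;
}

/* Proposed pattern: zero the buffer and add the payload only. */
void fill_zeroed(unsigned char *buf, const char *msg) {
    memset(buf, 0, BUF_LEN);
    place_payload(buf, msg);
}

/* Payload length visible in plaintext: bytes before the first NUL. */
size_t visible_payload_len(const unsigned char *buf) {
    const unsigned char *end = memchr(buf, 0, BUF_LEN);
    return end ? (size_t)(end - buf) : BUF_LEN;
}

/* Count non-zero padding bytes after the payload terminator. */
size_t nonzero_padding(const unsigned char *buf) {
    size_t i, count = 0;
    for (i = visible_payload_len(buf) + 1; i < BUF_LEN; i++)
        count += (buf[i] != 0);
    return count;
}
```

With a text payload, `visible_payload_len` returns the same value for both variants; only `nonzero_padding` differs.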

