Smolt database is broken
Tony Nelson
tonynelson at georgeanelson.com
Tue Nov 20 19:06:17 UTC 2007
At 11:32 PM -0500 11/19/07, Yaakov Nemoy wrote:
>On Nov 19, 2007 11:13 PM, David Kewley <kewley at gps.caltech.edu> wrote:
>> I noticed something similar many months ago, where my machine's entry didn't
>> even have the right architecture. As I recall, I emailed the Smolt
>> maintainer, and he said it was probably a problem with the client-side UUID
>> generation not being random enough. As a result, multiple machines could
>> get the same UUID and so write to the same server database entry. That's
>> the last I heard about it.
>
>That is in fact a possibility. It uses the output from
>/proc/sys/kernel/random/uuid to work. Is there a flaw with this
>method that we know nothing about? Should we use another?
I don't /know/ anything about this, but if the UUID is generated early on,
there may not have been much entropy made yet. I see that /dev/random
blocks until it thinks it has enough entropy, while /dev/urandome does not,
but I don't know what /proc/sys/kernel/random/* does, though
/proc/sys/kernel/random/entropy_avail should be informative. `while : ; do
cat /proc/sys/kernel/random/{uuid,entropy_avail} ; done` depletes
entropy_avail of about 256 bits each time, but it never gets to 0, and a
uuid is always returned. This might be bad, or it might represent
obtaining enough entropy before returning. I can check harder (measure
times, look for dups) on request.
--
____________________________________________________________________
TonyN.:' <mailto:tonynelson at georgeanelson.com>
' <http://www.georgeanelson.com/>
More information about the devel
mailing list