about summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeah Neukirchen <leah@vuxu.org>2018-12-25 19:31:34 +0100
committerLeah Neukirchen <leah@vuxu.org>2018-12-25 19:31:34 +0100
commit5280abfa10d04fc294778f85335dcb72498481d7 (patch)
treee91aa92ef1f22136829fbaecce262cd295df59e8
parent3cc19448774c4028179df34f26c1be258e57e10b (diff)
downloadmblaze-5280abfa10d04fc294778f85335dcb72498481d7.tar.gz
mblaze-5280abfa10d04fc294778f85335dcb72498481d7.tar.xz
mblaze-5280abfa10d04fc294778f85335dcb72498481d7.zip
mgenmid: do not use raw timestamp
We one-time-pad the timestamp with a random key instead.
This will provide enough entropy to be unique, but not leak the system date.
Even with a bad RNG state it should guarantee uniqueness, however.
-rw-r--r--man/mgenmid.14
-rw-r--r--mgenmid.c21
2 files changed, 15 insertions, 10 deletions
diff --git a/man/mgenmid.1 b/man/mgenmid.1
index b63b5db..ad1abc2 100644
--- a/man/mgenmid.1
+++ b/man/mgenmid.1
@@ -1,4 +1,4 @@
-.Dd August 1, 2016
+.Dd December 25, 2018
 .Dt MGENMID 1
 .Os
 .Sh NAME
@@ -9,7 +9,7 @@
 .Sh DESCRIPTION
 .Nm
 generates and prints a unique Message-ID.
-The Message-ID consists of an encoded timestamp,
+The Message-ID consists of an encrypted timestamp,
 a random value,
 and a fully qualified domain name.
 .Pp
diff --git a/mgenmid.c b/mgenmid.c
index 497cbc4..c7d713c 100644
--- a/mgenmid.c
+++ b/mgenmid.c
@@ -85,30 +85,35 @@ int main()
 	struct timeval tp;
 	gettimeofday(&tp, (struct timezone *)0);
 
-	uint64_t rnd;
+	uint64_t rnd1, rnd2;
 
 	int rndfd = open("/dev/urandom", O_RDONLY);
 	if (rndfd >= 0) {
-		unsigned char rndb[8];
+		unsigned char rndb[16];
 		if (read(rndfd, rndb, sizeof rndb) != sizeof rndb)
 			goto fallback;
 		close(rndfd);
 
 		int i;
-		for (i = 0, rnd = 0; i < 8; i++)
-			rnd = rnd*256 + rndb[i];
+		for (i = 0, rnd1 = 0; i < 8; i++)
+			rnd1 = rnd1*256 + rndb[i];
+		for (i = 0, rnd2 = 0; i < 8; i++)
+			rnd2 = rnd2*256 + rndb[i+8];
 	} else {
 fallback:
 		srand48(tp.tv_sec ^ tp.tv_usec ^ getpid());
-		rnd = ((uint64_t)lrand48() << 32) + lrand48();
+		rnd1 = ((uint64_t)lrand48() << 32) + lrand48();
+		rnd2 = ((uint64_t)lrand48() << 32) + lrand48();
 	}
 
-	rnd |= (1ULL << 63);  // set highest bit to force full width
+	rnd1 ^= ((uint64_t)tp.tv_sec * 1000000LL + tp.tv_usec);
+	rnd1 |= (1ULL << 63);  // set highest bit to force full width
+	rnd2 |= (1ULL << 63);  // set highest bit to force full width
 
 	putchar('<');
-	printb36(((uint64_t)tp.tv_sec * 1000000LL + tp.tv_usec));
+	printb36(rnd1);
 	putchar('.');
-	printb36(rnd);
+	printb36(rnd2);
 	putchar('@');
 	fputs(host, stdout);
 	putchar('>');