Re: Tempfile vulnerabilities

[Werner Koch]

On Mon, 31 Jan 2000, Grant Taylor wrote:

>          open RAN, "/dev/random" || die;
>          read(RAN,$foo,16);
>          close RAN;
>          $file = '/tmp/autobuse' . unpack('H16',$foo);

Please, never use /dev/random or /dev/urandom for such purposes.

Aside the fact, that it does not help much in what you want to achieve
it is a desaster to system performance because it empties the system's
entropy pool and wastes precious entropy for unneeded things.

Crypto software _really_ needs these random numbers.


--
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013

     Boycott Amazon!  -  http://www.gnu.org/philosophy/amazon.html