Hi,

I'm developing a small multiplayer card game on OpenBSD 
(but also try to keep it at least compilable on Linux). 

After 32 cards have been shuffled, each of 3 players gets 
10 cards. At the moment I use the sum of time()s when any 
data has been received from a player as the seed value:

  typedef struct client_s {
        .....
        time_t          last;
  } client;

  .....
  srandom((cp->last + prev->last + next->last) % UINT_MAX);

I'm worried, though, that someone will look at my source code,
and since those 3 time()s are probably contained in the last 10
minutes, there aren't actually that many variants.

So an attacker will prepare a list of possible variants,
filter them by looking at the 10 cards in his own hand, and
then with each played trick will have a better idea of
what cards the other players have in their hands.

Where could I get a better seed? Should I use the initstate()
and srandomdev() routines, and how do I use them (in which
order)?

Regards
Alex

PS: Also, I'm worried that my naive code above
    overflows, and maybe in a few years it'll be equal to
      srandom(UINT_MAX % UINT_MAX);  or similar...
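
An added example, not part of Alex's message or his game's code: one way to shuffle the 32 cards with no guessable seed is to draw every Fisher-Yates index from the operating system's CSPRNG, arc4random_uniform(3) on OpenBSD and /dev/urandom elsewhere. The names random_below and shuffle_deck are hypothetical, and /dev/urandom is assumed to be readable on non-OpenBSD systems.

```c
#include <stdio.h>
#include <stdlib.h>
#define NCARDS 32

/* Uniform value in [0, bound), 1 <= bound <= 256; -1 if the RNG fails. */
static int random_below(FILE *rng, unsigned bound)
{
#ifdef __OpenBSD__
    return (int)arc4random_uniform(bound);      /* self-seeding, unbiased */
#else
    unsigned limit = 256 - 256 % bound;         /* reject the biased tail */
    int c;
    while ((c = fgetc(rng)) != EOF && (unsigned)c >= limit)
        continue;
    return c == EOF ? -1 : c % (int)bound;
#endif
}

/* Fisher-Yates over cards 0..31; on -1 (RNG failure) do not deal the deck. */
int shuffle_deck(unsigned char deck[NCARDS])
{
    FILE *rng = NULL;
    int i, j = 0;
#ifndef __OpenBSD__
    if ((rng = fopen("/dev/urandom", "rb")) == NULL)  /* assumed readable */
        return -1;
    setvbuf(rng, NULL, _IONBF, 0);              /* read only the bytes used */
#endif
    for (i = 0; i < NCARDS; i++)
        deck[i] = (unsigned char)i;
    for (i = NCARDS - 1; i > 0; i--) {
        unsigned char tmp = deck[i];
        if ((j = random_below(rng, (unsigned)i + 1)) < 0)
            break;
        deck[i] = deck[j];
        deck[j] = tmp;
    }
    if (rng != NULL)
        fclose(rng);
    return j < 0 ? -1 : 0;
}

int main(void)
{
    unsigned char deck[NCARDS];
    int i, rc = shuffle_deck(deck);
    for (i = 0; rc == 0 && i < 10; i++)         /* first player's 10 cards */
        printf("%d ", deck[i]);
    return rc != 0;
}
```

Because no seed is stored or derived from time(), there is nothing for the time_t sum to overflow and no small set of seeds to enumerate.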
