On Fri, 07 Jan 2011 14:09:10 MST, Theo de Raadt wrote:

> > It is also important that the caller provides enough XXX to actually
> > have a chance to finish the loop against a motivated concurrent user,
> > especially when using something like /tmp.
> 
> For us that is not really a problem since our mktemp is using 63
> possibilities per slot.  Stem selection remains important, too.
> 
> 250047 for XXX
> 15752961 for XXXX
> 992436543 for XXXX
> 
> Personally I would recommend 10 X's.

For what it's worth, POSIX requires 6 X's and some implementations
actually return an error if less are used (hello glibc).  We should
probably talk to someone about having that language changed from
"six trailing 'X's" to "at least six trailing 'X's".

 - todd
