[dnsdist] Generate a key with cryptographically secure

Y7n05h Y7n05h at protonmail.com
Sat Apr 2 09:29:37 UTC 2022



Hi!

To implement https://github.com/PowerDNS/pdns/issues/9994,
we need to set TCP_FASTOPEN_KEY via setsockopt.
But how to generate a key?
I guess this key needs a random number that is cryptographically secure.
So we probably can't use rand() and random_engine from C or C++.
Perhaps /dev/urandom could be used, I found code using it.
I also noticed that there are some random number generation implementations
in the current code, but I'm not sure if they can be used in scenarios
where cryptographic security is required.

--
Best regards,

Y7n05h

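The step asked about above, as an added example that is not part of the original post and is not dnsdist code: a key is drawn from the kernel CSPRNG with getrandom(), falling back to /dev/urandom, and installed with setsockopt(TCP_FASTOPEN_KEY). It assumes Linux with glibc's <sys/random.h> and a single 16-byte key; the names TfoKey, readUrandom, generateTfoKey and setTfoKey are hypothetical.

```cpp
#include <array>
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <fcntl.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef TCP_FASTOPEN_KEY
#define TCP_FASTOPEN_KEY 33  // value from linux/tcp.h, for older libc headers
#endif
using TfoKey = std::array<uint8_t, 16>;  // assumption: one 16-byte key

// Fallback path: read exactly len bytes from /dev/urandom.
static bool readUrandom(uint8_t* buf, size_t len) {
  int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
  if (fd < 0) return false;
  size_t done = 0;
  while (done < len) {
    ssize_t n = read(fd, buf + done, len - done);
    if (n > 0) done += static_cast<size_t>(n);
    else if (n == 0 || errno != EINTR) break;  // EOF or hard error
  }
  close(fd);
  return done == len;
}

// Fill the key from the kernel CSPRNG; never from rand() or a PRNG engine.
static bool generateTfoKey(TfoKey& key) {
  ssize_t n;
  do { n = getrandom(key.data(), key.size(), 0); } while (n < 0 && errno == EINTR);
  if (n == static_cast<ssize_t>(key.size())) return true;
  return readUrandom(key.data(), key.size());  // e.g. getrandom() unavailable
}

// Install the key on a TCP socket; returns false if the kernel rejects it.
static bool setTfoKey(int fd, const TfoKey& key) {
  return setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN_KEY, key.data(), key.size()) == 0;
}

int main() {
  TfoKey key;
  if (!generateTfoKey(key)) { perror("random"); return 1; }
  int fd = socket(AF_INET, SOCK_STREAM, 0);
  if (fd < 0 || !setTfoKey(fd, key)) { perror("TCP_FASTOPEN_KEY"); return 1; }
  close(fd);
  return 0;
}
```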


