[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [mosquitto-dev] library clientid not random enough
|
Hi Stefan,
That sounds pretty reasonable to me. Aside from the pid, /dev/random
isn't very portable anyway - a better solution would be the openssl
random functions if available.
Cheers,
Roger
On Wed, Feb 10, 2016 at 9:30 AM, Stefan May <stefan.may@xxxxxxx> wrote:
> Hi,
>
> I found some log messages at the mosquitto broker regarding dis-/reconnects
> that were caused by clients using the same clientid. I'm using the automatic
> generation of clientids in the call mosquitto_new().
>
> So what exactly happens is the following: two clients starting
> *simultaneously* on different computers. Sometimes they get the same
> clientid.
>
> Digging into the library code I was searching for the seeding of PRNG and
> found it in mosquitto_lib_init(). The PRNG is only seeded with the current
> time, which can be equal on different computers. In my opinion it should be
> seeded not only with time, but with some better randomness, so that
> collisions between different clients are reduced. Is using time and getpid()
> a better candidate? Using /dev/random seems like breaking a fly on the
> wheel.
>
> tty, Stefan.
> --
> Stefan May
> Department MPS
>
> Deutsches Elektronen-Synchrotron DESY
> A Research Centre of the Helmholtz Association
> Notkestr. 85, 22607 Hamburg
>
> Phone: +49-40-8998-4636
> for guests: Bldg. 30/Rm. 419
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
