Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] library clientid not random enough

Hi Stefan,

That sounds pretty reasonable to me. Aside from the pid, /dev/random
isn't very portable anyway - a better solution would be the openssl
random functions if available.



On Wed, Feb 10, 2016 at 9:30 AM, Stefan May <stefan.may@xxxxxxx> wrote:
> Hi,
> I found some log messages at the mosquitto broker regarding dis-/reconnects
> that were caused by clients using the same clientid. I'm using the automatic
> generation of clientids in the call mosquitto_new().
> So what exactly happens is the following: two clients starting
> *simultaneously* on different computers. Sometimes they get the same
> clientid.
> Digging into the library code I was searching for the seeding of PRNG and
> found it in mosquitto_lib_init(). The PRNG is only seeded with the current
> time, which can be equal on different computers. In my opinion it should be
> seeded not only with time, but with some better randomness, so that
> collisions between different clients are reduced. Is using time and getpid()
> a better candidate? Using /dev/random seems like breaking a fly on the
> wheel.
> tty, Stefan.
> --
> Stefan May
> Department MPS
> Deutsches Elektronen-Synchrotron DESY
> A Research Centre of the Helmholtz Association
> Notkestr. 85, 22607 Hamburg
> Phone: +49-40-8998-4636
> for guests: Bldg. 30/Rm. 419
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit

Back to the top