Nmap Development mailing list archives
Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 24 Apr 2008 03:33:37 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 23 Apr 2008 20:05:39 -0700 or thereabouts Fyodor <fyodor () insecure org> wrote:
On Thu, Apr 24, 2008 at 01:54:45AM +0000, Brandon Enright wrote:The problem here is that the rng is being seeded with time every time it is called.I don't think it is. Here is the code with more context: if (badrandomwarning == 0) { badrandomwarning++; /* error("WARNING: your system apparently does not offer /dev/urandom or /dev/random. Reverting to less secure version."); */ /* Seed our random generator */ gettimeofday(&tv, NULL); srand((tv.tv_sec ^ tv.tv_usec) ^ getpid()); } badrandomwarning is a static variable. So this block should only be called once. And when I uncomment the error message, I indeed only see it printed once.
Yep, I was too hasty in my glancing through code.
HOWEVER, removing the srand() does seem to fix the issue on Windows. But I'm not really included to do that unless we have to, because I'd rather the library not require that of callers. I just tried removing the /dev/random stuff on Linux, and Linux still seems to generate good IPs using the same srand()/rand() code. So it may be something specific to Windows or maybe their srand()/rand() implementation.
It seems that Visual Studio uses a RAND_MAX of 32767 while GCC uses a RAND_MAX of 2147483647.
I've only had a few minutes to look at this, but it isn't clear what the problem is.
Digging deeper into Windows documentation on this turns up: Remarks The rand function returns a pseudorandom integer in the range 0 to RAND_MAX (32767). Use the srand function to seed the pseudorandom-number generator before calling rand. (http://msdn2.microsoft.com/en-us/library/398ax69y(VS.80).aspx) That max suggests to me that rand() on Windows only has 2^15 states and that the cycle we are seeing comes from calling more than 2^15 times. One way to check is to store the first call to rand() in a static var and then check how many calls it takes before the same value is returned. I suspect that if we are just running into a very short cycle problem then we'll also run into the even/odd alternation issue. even/odd alternation is devastating when trying to generate reasonably random IPs. We may want to do a #ifdef WIN32 and use rand_s().
Cheers, -F
If anyone has documentation on what LCG Visual Studio is using I'd love to see it. It's really pathetic that we're in 2008 and compilers and operating systems still don't provide good psuedo-random functions like the Mersenne Twister. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkgP/5cACgkQqaGPzAsl94KlZACgw16JGtB9pgwSBFZU4NjHFGCs irAAn1mjM9UQvOYc8waatkCP1M46GHgw =n6bh -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets, (continued)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Kris Katterjohn (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets doug (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets doug (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets doug (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets doug (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets doug (May 01)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (May 02)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets jah (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Brandon Enright (Apr 23)
- Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets Fyodor (Apr 23)