On 2013-04-23 14:31:51 +0200, Vincent Lefevre wrote: > On 2013-04-23 07:47:56 -0400, grarpamp wrote: > > > you can add random characters before the suffix, and in case of > > > > Random chars from where? > > Even functions like rand() or random() can be sufficient with a seed > difficult to guess (whether Mutt is interactive or not), since there > has already been randomness to generate the first filename. If this > isn't OK, /dev/urandom is available on many systems: > > http://en.wikipedia.org/wiki//dev/random
Actually it seems that the spec of mktemp/mkstemp (the versions without the suffix) doesn't require real randomness, just that the filename is unique at this moment. This means that an implementation is allowed to try reproducible filenames before cryptographically random filenames in case of failure. In this case, if one of these function is used, an attack could be easy without true randomness when generating the real file (with the suffix). -- Vincent Lefèvre <[email protected]> - Web: <http://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
