Re: BSDStats v4.0: Attempt to address some major issues ...
- From: Matthew Seaman <m.seaman@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 29 Sep 2006 07:37:53 +0100
Marc G. Fournier wrote:
> I've increased the size of the IDTOKEN to 32 from 16, since I've been
> noticing a lot of duplicates when two hosts submit at close to the same
> time ...
Ummm... that's actually really bad. That means that the RNG used by OpenSSL
(hence SSH and others) is not actually producing anything like a proper
random sequence for a lot of people. Hence all sorts of crypto handled by
those machines is potentially vulnerable to attack. If this is the case,
going from 16 to 32 bytes of random token won't actually help at all.
On the other hand, the duplicates could be the result of people deliberately
trying to frig the statistics or just innocently running the 300.statistics
script manually several times. In either case, entries with duplicate tokens
should be discarded -- I guess you'd always want to keep just the last entry
for any token.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
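One way to turn the two points in the reply above into a server-side check (a duplicate among 16-byte random tokens is an RNG-health signal rather than a sizing problem, and duplicates should collapse to the last entry per token). This is an added example, not code from the thread or from BSDStats; the record layout, field names and sample tokens are assumed and constructed.

```python
import math


def collision_probability(token_bits, submissions):
    """Birthday-bound estimate of P(at least one duplicate) among
    `submissions` uniformly random tokens of `token_bits` bits,
    using the standard approximation 1 - exp(-n(n-1) / 2N)."""
    space = 2.0 ** token_bits
    return 1.0 - math.exp(-(submissions * (submissions - 1)) / (2.0 * space))


def audit_tokens(records, token_bytes=16, expected_floor=1e-6):
    """Collapse submissions to the last record seen per IDTOKEN and decide
    whether the observed duplicates are explainable by chance.

    Returns (last_per_token, duplicate_tokens, expected_probability, rng_suspect).
    rng_suspect is True when duplicates occurred although the birthday bound
    says a collision among honest random tokens is essentially impossible;
    that points at a broken RNG on submitting hosts (or deliberate resubmission),
    and is exactly the case where widening the token does not help."""
    last_per_token = {}
    duplicate_tokens = []
    for rec in records:
        tok = rec["idtoken"]
        if tok in last_per_token:
            duplicate_tokens.append(tok)
        last_per_token[tok] = rec          # later submission overwrites earlier one
    expected = collision_probability(8 * token_bytes, len(records))
    rng_suspect = bool(duplicate_tokens) and expected < expected_floor
    return last_per_token, duplicate_tokens, expected, rng_suspect


# Constructed sample: four submissions with 16-byte (32 hex char) tokens;
# "gamma" reuses "alpha"'s token, which honest 128-bit randomness would not do.
SAMPLE_SUBMISSIONS = [
    {"idtoken": "3f9c5b1a7e2d4c6b8a0f1e2d3c4b5a69", "host": "alpha", "ts": 1},
    {"idtoken": "9d2e4f6a8b0c1d3e5f7a9b1c2d4e6f80", "host": "beta", "ts": 2},
    {"idtoken": "3f9c5b1a7e2d4c6b8a0f1e2d3c4b5a69", "host": "gamma", "ts": 3},
    {"idtoken": "c4d5e6f708192a3b4c5d6e7f80919a2b", "host": "delta", "ts": 4},
]

if __name__ == "__main__":
    kept, dups, p, suspect = audit_tokens(SAMPLE_SUBMISSIONS)
    print("kept %d of %d, duplicates=%s" % (len(kept), len(SAMPLE_SUBMISSIONS), dups))
    print("expected P(collision) at 16 bytes: %.3g, rng_suspect=%s" % (p, suspect))
    print("expected P(collision) at 32 bytes: %.3g" % collision_probability(256, 4))
```

With a realistic population (say 100000 reporting hosts) the 16-byte bound is already far below 1e-20, so any duplicate at all trips `rng_suspect`, and the 32-byte figure is not meaningfully smaller.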