[FFmpeg-devel] [PATCH] mxf umid generation
Sun Mar 8 09:03:49 CET 2009
On Sat, Mar 07, 2009 at 08:53:03PM -0800, Baptiste Coudurier wrote:
> > if /dev/random is available better if just a timer is available
> > you leak the cpu type & compiler version used.
> Well, I added ff_random_get_seed according to your indication :/
Maybe fixing the leak is better? Change ff_random_get_seed to encrypt
some pseudo-random number using another pseudo-random one as a key (i.e.
a poor man's hash)?
While you can still get the exact values if you can guess most of the
bits of the seed it would not leak them right-out.
You'd need at least 64+56 bits for e.g. DES though, you can reduce it to
64 if you use key==source (not sure if that is any better than fixed
source==0 security-wise I admit).
More information about the ffmpeg-devel