Frank v Waveren <fvw@var.cx> writes:
> But than again, that's the same principle of all encryption (Except
> onetimepad
> XOR). The secret is available, you just have to do incredible amounts of work
> to get it.
Well... I wouldn't personally trust 32-bit encryption nowadays.
And with encryption an attacker usually can't request additional
clear texts to be encrypted, for example 1000 times per second.
> But all in all, a broken program is a broken program. Period.
Sure.
> Imho, just random filenames isn't enough either, I assume it's allways
> possible
> to check if a file/symlink with the chosen name exists, right? So just start
> with /tmp/tempfile-[pid]-1 (the pid to stop the slight nuisance of several
> programs all searching the same namespace), and if it exists try
> /tmp/tempfile-[pid]-2, etc.
Sure. Making file test and creation atomic (like mkdir) gives us safety
here.
-- Krzysztof Halasa Network Administrator- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:13 EST