[dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function

Sergio Gonzalez Monroy sergio.gonzalez.monroy at intel.com
Tue Jun 7 10:15:28 CEST 2016


On 07/06/2016 09:58, Slawomir Mrozowicz wrote:
> lrand48 should not be used for security related applications,
> as linear congruential algorithms are too easy to break.
> Used a compliant random number generator /dev/urandom.
>
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> Coverity ID 124558
>
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>
> ---

I understand that lrand48 is not crypto secure, but this fix will kill 
performance.

I already have a solution for this issue to be included in the next 
IPSec patch set
that will also add support for GCM/CTR modes.

Sergio



More information about the dev mailing list