From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Monjalon Subject: Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator Date: Mon, 11 Jul 2016 16:17:19 +0200 Message-ID: <1838303.IRcXQLJGt7@xps13> References: <1464183292-24280-1-git-send-email-piotrx.t.azarewicz@intel.com> <21237364.CLn9ZV8ln9@xps13> <4837007523CC9A4B9414D20C13DE6E64136D27B2@IRSMSX102.ger.corp.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: "Azarewicz, PiotrX T" , dev@dpdk.org To: "Doherty, Declan" Return-path: Received: from mail-wm0-f46.google.com (mail-wm0-f46.google.com [74.125.82.46]) by dpdk.org (Postfix) with ESMTP id 467722BA1 for ; Mon, 11 Jul 2016 16:17:25 +0200 (CEST) Received: by mail-wm0-f46.google.com with SMTP id o80so52892009wme.1 for ; Mon, 11 Jul 2016 07:17:25 -0700 (PDT) In-Reply-To: <4837007523CC9A4B9414D20C13DE6E64136D27B2@IRSMSX102.ger.corp.intel.com> List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 2016-06-08 07:46, Azarewicz, PiotrX T: > > 2016-05-25 15:34, Piotr Azarewicz: > > > This patch improve generate_random_key() function by replacing rand() > > > function with reading from /dev/urandom. > > > > > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > > > dont_call: rand should not be used for security related applications, > > > as linear congruential algorithms are too easy to break > > > > > > Coverity issue: 120136 > > > > > > Signed-off-by: Piotr Azarewicz > > > > Is it relevant for this example? > > Maybe not. But it don't break anything, and in the end make Coverity tool happy. > > Declan, please share your opinion. Declan?