Skip to content

Commit

Permalink
Secure random seed from Spark Cloud
Browse files Browse the repository at this point in the history
  • Loading branch information
Zachary Crockett committed Aug 31, 2014
1 parent 6dd0504 commit 4aeb054
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/spark_protocol.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1233,6 +1233,10 @@ int SparkProtocol::set_key(const unsigned char *signed_encrypted_credentials)
_message_id = *(credentials + 32) << 8 | *(credentials + 33);
_token = *(credentials + 34);

unsigned int seed;
memcpy(&seed, credentials + 35, sizeof(seed));
srand(seed);

return 0;
}
else return 2;
Expand Down

3 comments on commit 4aeb054

@m-mcgowan
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WIth SYSTEM_MODE manual/semi-auto, the first cloud connection may happen sometime after the user app has already started using random(), and where the app may be expecting a specific sequence of numbers, such as if srand() has already been called.

With this in mind, it might be a good idea to allow users to opt-out of fetching a new random seed each time the cloud is connected. This can be done by defining a weak function to set the seed:

void set_random_seed_from_cloud(unsigned int seed) __attribute(weak) {
   srand(seed);
}

So the default behavior is to set the seed from the cloud, users have a way to opt-out of setting the random seed by defining this function as a no-op, or they can use the new seed in some other way that may be more appropriate to their use case.

@towynlin
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks! Good thinking @m-mcgowan! Default should be to set from cloud during handshake, and then yes, there should be an easy way to opt out. With your suggestion, it sounds like the simplest user application code for opting out would be to add this line.

void set_random_seed_from_cloud(unsigned int seed) {}

which basically says, "When the cloud gives me a new seed, do nothing with it, instead of actually calling srand."

This will be a rare choice among novices and more common among experts. I'm debating whether we should do anything to make it cleaner, e.g., #define NO_RANDOM_SEED_FROM_CLOUD or Spark.ignoreRandomSeed().

In writing them out these strike me just clutter compared to simply defining the no-op function (which allows usage of the seed for something else), but I'm open to other opinions.

@andyw-lala
Copy link

@andyw-lala andyw-lala commented on 4aeb054 Aug 31, 2014 via email

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.