Re: [mosquitto-dev] library clientid not random enough

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] library clientid not random enough

From: "Nicholas O'Leary" <nick.oleary@xxxxxxxxx>
Date: Mon, 15 Feb 2016 21:16:54 +0000
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hi,

One thing to bear in mind is that pid would be susceptible to clashes if you had two devices set to connect on boot that are turned on at the same moment (ie, power is restored simultaneously). If they are running identical software images, the processes IDs are likely to be the same.

Nick

On 15 February 2016 at 21:05, Roger Light <roger@xxxxxxxxxx> wrote:

Hi Stefan,

That sounds pretty reasonable to me. Aside from the pid, /dev/random
isn't very portable anyway - a better solution would be the openssl
random functions if available.

Cheers,

Roger

On Wed, Feb 10, 2016 at 9:30 AM, Stefan May <stefan.may@xxxxxxx> wrote:
> Hi,
>
> I found some log messages at the mosquitto broker regarding dis-/reconnects
> that were caused by clients using the same clientid. I'm using the automatic
> generation of clientids in the call mosquitto_new().
>
> So what exactly happens is the following: two clients starting
> *simultaneously* on different computers. Sometimes they get the same
> clientid.
>
> Digging into the library code I was searching for the seeding of PRNG and
> found it in mosquitto_lib_init(). The PRNG is only seeded with the current
> time, which can be equal on different computers. In my opinion it should be
> seeded not only with time, but with some better randomness, so that
> collisions between different clients are reduced. Is using time and getpid()
> a better candidate? Using /dev/random seems like breaking a fly on the
> wheel.
>
> tty, Stefan.
> --
> Stefan May
> Department MPS
>
> Deutsches Elektronen-Synchrotron DESY
> A Research Centre of the Helmholtz Association
> Notkestr. 85, 22607 Hamburg
>
> Phone: +49-40-8998-4636
> for guests: Bldg. 30/Rm. 419
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Follow-Ups:
- Re: [mosquitto-dev] library clientid not random enough
  - From: Roger Light

References:
- [mosquitto-dev] library clientid not random enough
  - From: Stefan May
- Re: [mosquitto-dev] library clientid not random enough
  - From: Roger Light

Prev by Date: Re: [mosquitto-dev] library clientid not random enough
Next by Date: Re: [mosquitto-dev] [PATCH] Add MQTT URL scheme support
Previous by thread: Re: [mosquitto-dev] library clientid not random enough
Next by thread: Re: [mosquitto-dev] library clientid not random enough
Index(es):
- Date
- Thread

Breadcrumbs