Generate better Acct-Session-Id

Jouni Malinen j
Sat Jun 6 08:23:08 PDT 2015

On Thu, Jun 04, 2015 at 06:38:41PM -0400, Alan DeKok wrote:
>     The current code generates Acct-Session-Id based on the current time.  However, some systems without real-time clocks always have the same time when they boot.  So the Acct-Session-Id values were getting re-used.
>   The patch uses os_get_random(), or if that fails, the does an exclusive-or of the time in seconds and microseconds.  There microseconds are likely to vary somewhat, even on systems with no real-time clock.

Thanks, applied. Though, I made this XOR microseconds part in even for
the random value case. Obviously, this should not be needed with a
proper random number, but well, there are likely still some embedded
devices, where /dev/random is broken and only a small set of different
values may be available early after the boot and with that file not even
blocking reads properly..

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list