[Opendnssec-develop] getting rid of HSM calls from the communicator

Jakob Schlyter jakob at kirei.se
Wed Sep 9 10:39:38 UTC 2009

On 9 sep 2009, at 11.01, Jakob Schlyter wrote:

> I suggest we get rid of the only HSM call that we have in the  
> communicator/libksm, the salt generation, and use some other random  
> function instead. generating the salt is not critical and libhsm to  
> this doesn't really help that much.

so I'm saying this code (now used when no HSM is found) is good enough  
for generating the salt:

                 srand( time(0) );
                 for (i = 0; i < 2*(policy->denial->saltlength); i++) {
                     salt[i] = hex_chars[rand()%strlen(hex_chars)];

remember that the salt is published in the zone and does not have to  
be very random.


More information about the Opendnssec-develop mailing list