NSD is an open source implementation of an authoritative DNS server. It has a very good security record, and lower memory usage than ISC BIND. As part of hackers.mu's quest to make the Internet better, we decided to look into NSD's crypto-related parts and see how we can improve it for all of the NSD users in Mauritius.
We came across cases of modulo bias in the form of arc4random() % foo. From a mathematical point of view, unless foo evenly divides the number of values the generator can return, some results come up slightly more often than others, so the randomization is slightly less random. This is NOT good :). Our patch uses arc4random_uniform(), which is an iterative solution that reduces modulo bias.
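To make the bias concrete, here is an added example (not NSD's code and not the patch itself) that enumerates every output of a constructed 8-bit generator and compares plain modulo with rejection sampling. The 8-bit model and the function names are assumptions chosen so the whole output space can be counted.

```c
#include <stdio.h>

/* Constructed model: an 8-bit generator whose 256 outputs are all equally
 * likely, so every outcome can be enumerated instead of sampled. */
#define OUTPUTS 256u

/* Difference between the most and least frequent result in counts[0..bound). */
static unsigned spread(const unsigned *counts, unsigned bound)
{
    unsigned lo = counts[0], hi = counts[0];
    for (unsigned i = 1; i < bound; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}

/* The "random() % bound" pattern: every output is mapped with a plain modulo.
 * bound must be in 1..256. A non-zero return means some results are favoured. */
unsigned modulo_spread(unsigned bound)
{
    unsigned counts[OUTPUTS] = {0};
    for (unsigned v = 0; v < OUTPUTS; v++)
        counts[v % bound]++;
    return spread(counts, bound);
}

/* Rejection sampling: outputs below (OUTPUTS % bound) are thrown away (a real
 * caller would draw again), leaving a multiple of bound accepted outputs. */
unsigned rejection_spread(unsigned bound, unsigned *rejected)
{
    unsigned counts[OUTPUTS] = {0};
    unsigned min = OUTPUTS % bound;
    *rejected = 0;
    for (unsigned v = 0; v < OUTPUTS; v++) {
        if (v < min) { (*rejected)++; continue; }
        counts[v % bound]++;
    }
    return spread(counts, bound);
}

int main(void)
{
    unsigned rejected;
    printf("bound 6, modulo:    spread %u\n", modulo_spread(6));
    printf("bound 6, rejection: spread %u", rejection_spread(6, &rejected));
    printf(" (%u outputs redrawn)\n", rejected);
    return 0;
}
```

When the bound is a power of two the modulo is already even and nothing is rejected, which is why the bias only shows up for other bounds.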
NSD took our patch and committed it:
10 December 2015: Wouter
- 4.1.7 release
- trunk has 4.1.8 in development.
- take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.
Another small step to make the Internet more secure :)