Just a bit of security hygiene. (#4313)

* Make sure to call randomSeed() on esp32 * Randomize the top 22 bits of the Message ID * Make it clear that we are not calling randomSeed() on purpose --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
2025-12-21 02:02:23 +00:00 · 2024-07-23 11:52:14 -05:00
parent e27375d331
commit 300c3d32aa
2 changed files with 12 additions and 7 deletions
--- a/src/platform/esp32/main-esp32.cpp
+++ b/src/platform/esp32/main-esp32.cpp
@@ -91,8 +91,12 @@ void enableSlowCLK()

 void esp32Setup()
 {
+    /* We explicitly don't want to do call randomSeed,
+    // as that triggers the esp32 core to use a less secure pseudorandom function.
    uint32_t seed = esp_random();
    LOG_DEBUG("Setting random seed %u\n", seed);
+    randomSeed(seed);
+    */

    LOG_DEBUG("Total heap: %d\n", ESP.getHeapSize());
    LOG_DEBUG("Free heap: %d\n", ESP.getFreeHeap());