apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44881] New: libapr uses /dev/ random as default entropy source on Linux systems
Date Sat, 26 Apr 2008 15:11:26 GMT

           Summary: libapr uses /dev/random as default entropy source on
                    Linux systems
           Product: APR
           Version: HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: APR
        AssignedTo: bugs@apr.apache.org
        ReportedBy: alexanderv@gmx.net

Using /dev/random as entropy source on Linux systems without a hardware RNG is
generally not a good idea since /dev/random blocks if the system cannot gather
enough entropy. This may result in severe performance degradation for
applications that use libapr. An example is Subversion on many Linux


There seems to be no evidence that /dev/urandom will produce more insecure
random data than /dev/random for most practical purposes. So /dev/urandom would
be a more reasonable default for the APR on Linux.

Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org

View raw message