apr-dev mailing list archives

From Cliff Woolley <jwool...@virginia.edu>
Subject /dev/urandom vs /dev/random [was Re: 2.0.36 hangs on linux on startup]
Date Sat, 25 May 2002 21:21:29 GMT
On Wed, 22 May 2002, Aaron Bannert wrote:

> On Wed, May 22, 2002 at 08:24:04PM -0700, Justin Erenkrantz wrote:
> > IIRC, /dev/random is a "better" source of entropy than /dev/urandom
> > because /dev/random can block waiting for good enough bits gathered
> > from the system while /dev/urandom must always spit out something, so
> > its entropy isn't guaranteed to be as good.
>
> You're correct, but it's the blocking part that's the problem here.
> I'm not sure how much entropy is required by mod_auth_digest, but
> something tells me that we need to do one of the following:
>
> 1) prefer /dev/urandom over /dev/random
> 2) disable mod_auth_digest by default [in binbuilds]
> 3) open /dev/random in non-blocking mode and defer EAGAIN reads
>    until later (read it at startup; if it would block, try again when
>    the entropy is actually needed, failing if it isn't ready by then
>      -- no idea if this would even work).

Can we come to a consensus on this?  For those just joining the
conversation, the problem is that APR's apr_generate_random_bytes()
currently prefers /dev/random over /dev/urandom, which causes Apache's
mod_auth_digest to hang at startup if there's not enough entropy available
from /dev/random.  I proposed the following patch:

Index: configure.in
===================================================================
RCS file: /home/cvs/apr/configure.in,v
retrieving revision 1.449
diff -u -d -r1.449 configure.in
--- configure.in        14 May 2002 07:38:16 -0000      1.449
+++ configure.in        25 May 2002 21:22:39 -0000
@@ -1527,13 +1527,13 @@
 dnl #----------------------------- Checking for /dev/random
 AC_MSG_CHECKING(for /dev/random)

-if test -r "/dev/random"; then
-    AC_DEFINE(DEV_RANDOM, [/dev/random])
-    AC_MSG_RESULT(/dev/random)
-    rand="1"
-elif test -r "/dev/urandom"; then
+if test -r "/dev/urandom"; then
     AC_DEFINE(DEV_RANDOM, [/dev/urandom])
     AC_MSG_RESULT(/dev/urandom)
+    rand="1"
+elif test -r "/dev/random"; then
+    AC_DEFINE(DEV_RANDOM, [/dev/random])
+    AC_MSG_RESULT(/dev/random)
     rand="1"
 else
     case $host in
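
Review bot: The reordered `if`/`elif` picks /dev/urandom on every host where it is readable and leaves the builder no way to ask for /dev/random. Because DEV_RANDOM is a single compile-time define, the choice applies to every use of it, not only to the mod_auth_digest startup case discussed in the thread. Consider a configure switch that overrides the device. Also add a dnl comment above the `if test -r "/dev/urandom"` line saying the order is deliberate (to avoid blocking at startup), since the AC_MSG_CHECKING text above it still reads "for /dev/random".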


Thanks,
Cliff
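
Option 3 from the quoted list (non-blocking open, defer on EAGAIN, retry when the bytes are needed), sketched as an added example that is not part of the original message or of APR's code. `rand_fill`, `rand_status` and `demo_deferred_read` are hypothetical names, and a non-blocking pipe is a constructed stand-in for a /dev/random with an empty pool.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

enum rand_status { RAND_OK = 0, RAND_WOULD_BLOCK = 1, RAND_ERROR = -1 };

/* Hypothetical helper (not an APR function): fill buf from a descriptor
 * opened with O_NONBLOCK. *got carries progress across calls, so a caller
 * can try at startup and resume when the bytes are actually needed. */
enum rand_status rand_fill(int fd, unsigned char *buf, size_t len, size_t *got)
{
    while (*got < len) {
        ssize_t n = read(fd, buf + *got, len - *got);
        if (n > 0) { *got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
            return RAND_WOULD_BLOCK;      /* pool empty: defer, do not hang */
        return RAND_ERROR;                /* EOF or hard error */
    }
    return RAND_OK;
}

/* Constructed scenario: a non-blocking pipe stands in for a /dev/random
 * whose pool is empty at startup and refills later. Returns 0 on success. */
int demo_deferred_read(void)
{
    int p[2];
    unsigned char secret[8];
    size_t got = 0;
    int rc = 0;

    if (pipe(p) != 0 || fcntl(p[0], F_SETFL, O_NONBLOCK) != 0) return -1;
    /* Startup: nothing available, so the read is deferred. */
    if (rand_fill(p[0], secret, sizeof secret, &got) != RAND_WOULD_BLOCK) rc = -2;
    /* Later: 5 bytes trickle in, still short of the 8 requested. */
    if (!rc && write(p[1], "\1\2\3\4\5", 5) != 5) rc = -3;
    if (!rc && (rand_fill(p[0], secret, sizeof secret, &got) != RAND_WOULD_BLOCK || got != 5)) rc = -4;
    /* At time of use: the rest arrives and the buffer completes. */
    if (!rc && write(p[1], "\6\7\10", 3) != 3) rc = -5;
    if (!rc && (rand_fill(p[0], secret, sizeof secret, &got) != RAND_OK || got != 8)) rc = -6;
    close(p[0]);
    close(p[1]);
    return rc;
}

int main(void) { return demo_deferred_read() ? 1 : 0; }
```

A caller that still gets `RAND_WOULD_BLOCK` at the point of use has to fail the request, which is the "failing if it isn't ready by then" branch of option 3.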

