Date: Thu, 20 Mar 2003 22:47:30 -0800
From: Justin Erenkrantz
To: dev@apr.apache.org
Subject: Re: non-availability of APR_HAS_RANDOM implications on security
Message-ID: <2147483647.1048200450@[10.0.1.6]>
In-Reply-To: <3E7A7E69.5010804@stason.org>
References: <3E7A6C41.7000802@stason.org> <3E7A7112.5020108@xbc.nu> <3E7A772E.5030409@stason.org> <3E7A7E69.5010804@stason.org>

--On Friday, March 21, 2003 1:52 PM +1100 Stas Bekman wrote:

> However apr-util/crypto/getuuid.c provides a *sort of* random implementation
> where APR_HAS_RANDOM is not available in two functions. In the true_random()
> we have this nice note:
>
> /* crap. this isn't crypto quality, but it will be Good Enough */

IMHO, UUIDs don't need crypto-quality random numbers - therefore, the pid/time hacks are good enough just for UUIDs but not in the general case. I'm sure someone will disagree with me though.

-- justin
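The distinction drawn in this message, as an added C example that is not from the post and is not APR's code: randomness requested for an identifier may degrade to a pid/time mix, while randomness requested for a secret fails closed when no strong source exists. All function names, the enum, the mixer and the device-path parameter are hypothetical and chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

enum { RND_STRONG = 0, RND_WEAK_FALLBACK = 1, RND_UNAVAILABLE = -1 };

/* Read len bytes from an OS randomness device; 0 on success, -1 otherwise. */
static int strong_random(const char *dev, unsigned char *buf, size_t len)
{
    FILE *f = fopen(dev, "rb");
    size_t got;
    if (f == NULL) return -1;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Constructed pid/time mixer (assumption, not getuuid.c): the output is
 * likely to differ between processes and runs, but it is predictable. */
static void weak_unique(unsigned char *buf, size_t len)
{
    unsigned long x = (unsigned long)time(NULL) ^ ((unsigned long)getpid() << 16);
    size_t i;
    for (i = 0; i < len; i++) {
        x = x * 1103515245UL + 12345UL;      /* simple LCG step */
        buf[i] = (unsigned char)(x >> 16);
    }
}

/* Identifiers such as UUID bytes: uniqueness is the goal, fallback allowed. */
int random_for_id(const char *dev, unsigned char *buf, size_t len)
{
    if (strong_random(dev, buf, len) == 0) return RND_STRONG;
    weak_unique(buf, len);
    return RND_WEAK_FALLBACK;
}

/* Keys, tokens, nonces: never degrade; zero the buffer and report failure. */
int random_for_secret(const char *dev, unsigned char *buf, size_t len)
{
    if (strong_random(dev, buf, len) == 0) return RND_STRONG;
    memset(buf, 0, len);
    return RND_UNAVAILABLE;
}

int main(void)
{
    unsigned char b[16];
    printf("id=%d\n", random_for_id("/nonexistent/random", b, sizeof b));
    printf("secret=%d\n", random_for_secret("/nonexistent/random", b, sizeof b));
    return 0;
}
```

Callers that receive `RND_WEAK_FALLBACK` can log it, so a build without a strong source is visible in operation rather than silent.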