apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: apr_generate_random_bytes() blocks forever
Date Thu, 17 Apr 2003 15:59:54 GMT
Greg Stein wrote:

> On Wed, Apr 16, 2003 at 10:55:23AM -0500, Ben Collins-Sussman wrote:
> 
>>...
>>So perhaps svn_repos_create() shouldn't be calling apr_uuid_get() at
>>all?  Perhaps svn should have its own pseudorandom-nonblocking uuid
>>generator?  Perhaps APR could grow one?
> 
> 
> SVN should absolutely NOT grow a UUID generator. Don't even start thinking
> along those lines. That is squarely in the realm of APR, as it can simply
> defer to Windows's builtin function for that platform. I think some unix
> platforms actually have it, but APR just rolls its own according to the
> spec.

Except Windows UUIDs are evil and should not be used (they allow an
attacker to collate all UUIDs that belong to the same machine).

> To answer Ben Laurie's question: we could probably use rand() if it was at
> all reasonably seeded. I'd have to trace the logic again, but I believe we
> shove the random data (along with other info) thru an MD5 hash to produce
> some "random" bits. I could be that we hash other stuff, and just use the
> random data directly. Not sure.
> 
> In any case, it really doesn't need cryptographic random data, but it should
> at least have a well-seeded rand() value.

Right - there's (at least) two interesting properties of randomness
which are:

a) collision-resistance

b) unpredictability

I presume that you are claiming that for UUIDs you need a) but not b),
correct? Presumably UUIDs are not secret, or they'd be pointless, so I'm
inclined to agree.

In which case, we're after, essentially, non-cryptographic randomness.
We still need it to have a lot of entropy, but we don't need it to be
unpredictable (an interesting point here for crypto mavens is that this
shows out how we misuse the term "entropy" in crypto).

There's a case to be made for not even using /dev/urandom for this!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


Mime
View raw message