apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <...@manyfish.co.uk>
Subject Re: apr_uuid_get() hanging on /dev/random
Date Sun, 07 Mar 2004 21:20:43 GMT
On Sun, Mar 07, 2004 at 12:00:47PM -0800, Stas Bekman wrote:
> >Tell them to use --with-devrandom=/dev/urandom - however, that can't be 
> >our default as that's not secure.  Or, they can setup EGD and use 
> >--with-egd.
> 
> Thanks Justin. But "tell them" is not a good solution. We don't want to get 
> a bug report from every user who has this problem (and this is not a first 
> time we get it). mod_perl uses this call at the server startup, so any user 
> with this issue will get the problem. Any suggestions for workarounds so 
> that the application will suggest that solution on its own?

I think the only solution for 0.9.x is to add another function e.g.
apr_generate_weak_random_bytes() which uses /dev/urandom if available,
and use that in the uuid code and anywhere else which doesn't need
crypto-strength random data (i.e. everywhere really) - I posted a patch
for this once.

joe


Mime
View raw message