apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: apr_uuid_get() hanging on /dev/random
Date Sun, 07 Mar 2004 22:55:48 GMT
Joe Orton wrote:
> On Sun, Mar 07, 2004 at 12:00:47PM -0800, Stas Bekman wrote:
> 
>>>Tell them to use --with-devrandom=/dev/urandom - however, that can't be 
>>>our default as that's not secure.  Or, they can setup EGD and use 
>>>--with-egd.
>>
>>Thanks Justin. But "tell them" is not a good solution. We don't want to get 
>>a bug report from every user who has this problem (and this is not a first 
>>time we get it). mod_perl uses this call at the server startup, so any user 
>>with this issue will get the problem. Any suggestions for workarounds so 
>>that the application will suggest that solution on its own?
> 
> 
> I think the only solution for 0.9.x is to add another function e.g.
> apr_generate_weak_random_bytes() which uses /dev/urandom if available,
> and use that in the uuid code and anywhere else which doesn't need
> crypto-strength random data (i.e. everywhere really) - I posted a patch
> for this once.

+1!


__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Mime
View raw message