apr-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: PR #44881
Date Fri, 02 May 2008 09:36:44 GMT

On Mon, Apr 28, 2008 at 06:48:43PM +0300, Lucian Adrian Grijincu wrote:
> Wouldn't adding a new function be more suitable?
> http://apr.apache.org/docs/apr/1.2/group__apr__random.html:
> apr_generate_random_bytes says it will "Generate random bytes". This
> says nothing about the "pseudo-" vs. "true-" randomness of the
> generated array.
> apr_generate_random_bytes_ex with an extra "flags" field seems a better way:
> * APR_RANDOM_TRUE - a true random source, return an error if no true
> random source is found on the system.
> * APR_RANDOM_PSEUDO - a pseudo

This is a complicated subject, and I'm not an expert, but...

The Linux /dev/random vs /dev/urandom distinction is not the same as 
"true random" vs "pseudo-random".

Linux /dev/random provides pseudo-random data with a guarantee of high 
entropy; that's not the same thing as "true" randomness.  The closest we 
can get to "true" randomness is the use of a hardware RNG, which draws 
from some physical source of entropy like thermal noise.  Such RNGs are 
exposed directly on some platforms, but hardware is not that common.

Currently apr_generate_random_bytes() provides no API guarantee on the 
"strength" (level of entropy) of the random data returned; nor any 
guarantee on whether it blocks.

Given the lack of such a guarantee, nobody would presume the data is 
suitable for cryptographic use, e.g. private keys.  So I think it's 
right to make it fast at the expense of strength, and it should prefer 
/dev/urandom over /dev/random.  (In Fedora we've been building APR to 
use /dev/urandom forever, FWIW)

I proposed a new API something like Lucian describes above, way back 
when: http://markmail.org/message/f7on762ulztbmocr

In retrospect, I don't think it's a good idea for APR to venture further 
into this domain without a thorough review of what different randomness 
sources are available on different OSes, what are the common 
denominators, etc. The previous effort at providing something more 
general here is completely unused (apr/random) and been a waste of space 
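
A sketch of the flags-style call discussed in this thread, added here as an example and not code from APR or from either poster. `ex_random_bytes` and the `EX_RANDOM_*` flags are hypothetical names, chosen for the blocking behaviour rather than "true" vs. "pseudo", and the code assumes a Unix-like system that provides /dev/urandom and /dev/random.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical flags (not APR's): named for the property that differs. */
#define EX_RANDOM_NONBLOCK 0  /* /dev/urandom: does not wait for entropy */
#define EX_RANDOM_MAYBLOCK 1  /* /dev/random: may wait for entropy */

/* Fill buf with exactly len bytes from the selected device.
 * Returns 0 on success or an errno value; never a partly filled success. */
int ex_random_bytes(unsigned char *buf, size_t len, int flags)
{
    const char *dev;
    int fd, rv = 0;

    if (flags == EX_RANDOM_NONBLOCK)      dev = "/dev/urandom";
    else if (flags == EX_RANDOM_MAYBLOCK) dev = "/dev/random";
    else return EINVAL;                   /* unknown guarantee requested */

    do {
        fd = open(dev, O_RDONLY);
    } while (fd == -1 && errno == EINTR);
    if (fd == -1)
        return errno;   /* source missing: report it, no silent fallback */

    while (len > 0) {
        ssize_t n = read(fd, buf, len);
        if (n == -1 && errno == EINTR)
            continue;                     /* interrupted by a signal: retry */
        if (n <= 0) {                     /* read error or unexpected EOF */
            rv = (n == 0) ? EIO : errno;
            break;
        }
        buf += n;                         /* short read: keep going */
        len -= (size_t)n;
    }
    close(fd);
    return rv;
}

int main(void)
{
    unsigned char key[16];
    int rv = ex_random_bytes(key, sizeof key, EX_RANDOM_NONBLOCK);
    if (rv != 0) { fprintf(stderr, "random source failed: %d\n", rv); return 1; }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```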

