apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: PR #44881
Date Fri, 02 May 2008 15:05:18 GMT
Joe Orton wrote:
> Given the lack of such a guarantee, nobody would presume the data is 
> suitable for cryptographic use, e.g. private keys.  So I think it's 
> right to make it fast at the expense of strength, and it should prefer 
> /dev/urandom over /dev/random.  (In Fedora we've been building APR to 
> use /dev/urandom forever, FWIW)

Then I suggest we change the defaults, if this is what people (probably
other distributions as well) use in *practice*.

> I proposed a new API something like Lucian describes above, way back 
> when: http://markmail.org/message/f7on762ulztbmocr


This _ex() api can certainly still be added to 1.4 and given some clues
to pick from one of several sources.

> In retrospect, I don't think it's a good idea for APR to venture further 
> into this domain without a thorough review of what different randomness 
> sources are available on different OSes, what are the common 
> denominators, etc. The previous effort at providing something more 
> general here is completely unused (apr/random) and been a waste of space 

Well, some general level of randomness is necessary, it's certainly one of
many portability problems to be solved.

Given that in reality OS distributors have changed the preference in order
to attain non-blocking behavior, and this is not used by us for crypto,
let's move forward with the urandom patch, eh?


View raw message