apr-dev mailing list archives

From Steve Comstock <st...@trainersfriend.com>
Subject Re: Trouble in river city.
Date Thu, 26 Jun 2008 03:14:40 GMT
William A. Rowe, Jr. wrote:
> Steve Comstock wrote:
>> William A. Rowe, Jr. wrote:
>> [snip]
>>> Guessing there was no source of entropy.  C.f. apr ./configure;
>>>   --with-egd[=DIR]        use EGD-compatible socket
>>>   --with-devrandom[=DEV]  use /dev/random or compatible [searches by 
>>> default]
>> I'm glad you suggested that. It gives me the opportunity to
>> ask a few questions:
>> * I've heard of entropy in the physics sense; I've seen
>>   one or two references to it in the software context; what
>>   does "entropy" mean in the software context?
> randomness that is not predicted, e.g. other than a pseudorandom sequence,
> since these can be predicted.
>> * What creates entropy? What is the significance of your
>>   suggested --with options?
> In the pc sense, usually /dev/random or /dev/urandom, there are various
> prngd alternatives.  These work by deciding to watch sensors in the PC,
> e.g. you might take a measurement of the cpu's temperature measured in
> .001 degree (to .010), or the arrival timing of packets on the network,
> etc.  /dev/random does so for all bits of entropy, /dev/urandom does the
> best it can with true bits of entropy, and makes up the difference with
> pseudorandom data so that it won't block.
> You must have one.  bin/htpasswd was considered insecure, so it was
> modified to grab a few mostly random bytes for seeding.  (httpd project's
> choice, not ours).

Ahhh! That's the clue that does the trick for me: a source
of seeds for a random number generator, that you need for
creating / processing passwords. Thanks!

z/OS has /dev/urandom, so I guess I'll use that.

>> * What made you think, from my post, that there was no
>>   source of entropy? What was your clue?
> Someone else reported similar a while ago, and this parked itself away
> in my brain for a month or two.
> You mentioned apr_get_password - I had the same failure a couple of days
> ago on HP/UX 11.11 (a new box) and realized that we hadn't installed the
> HP/UX /dev/random, /dev/urandom drivers nor chosen a source like prngd.
> Seeing as I'm done supporting 11.00, HP's driver made more sense.
> http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

Makes sense to me. Thanks again.

Do I need to specify --with-devrandom=/dev/urandom just
for the apr configure, or do I need to specify it
for apr-util also? Or, can I just do the httpd configure
and depend on that process carrying down? [I'd like to
just run httpd ./configure; doesn't that invoke the apr
and apr-util configure scripts on your behalf?]

Kind regards,

-Steve Comstock
The Trainer's Friend, Inc.


   z/OS Application development made easier
     * Our classes include
        + How things work
        + Programming examples with realistic applications
        + Starter / skeleton code
        + Complete working programs
        + Useful utilities and subroutines
        + Tips and techniques

==> Check out the Trainer's Friend Store to purchase z/OS  <==
==> application developer toolkits. Sample code in four    <==
==> programming languages, JCL to Assemble or compile,     <==
==> bind and test.                                         <==
==>   http://www.trainersfriend.com/TTFStore/index.html    <==
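
The seeding step discussed in this message, as an added example that is not part of the original post and is not APR's or httpd's code: reading a few seed bytes from an entropy device and failing cleanly when no usable device is present. The function name `read_seed` and the `/dev/urandom` path in `main` are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Fill buf with n bytes from the entropy device at path dev.
 * Returns 0 on success, -1 if the device is missing or unusable
 * (the "no source of entropy" case described in the thread). */
int read_seed(const char *dev, unsigned char *buf, size_t n)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;              /* driver not installed, wrong path, ... */

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r > 0) {
            got += (size_t)r;   /* short reads are normal; keep going */
        } else if (r < 0 && errno == EINTR) {
            continue;           /* interrupted by a signal; retry */
        } else {
            close(fd);          /* EOF or hard error: not a usable source */
            return -1;
        }
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char seed[8];
    const char *dev = "/dev/urandom";   /* assumed device path */

    if (read_seed(dev, seed, sizeof seed) != 0) {
        fprintf(stderr, "no usable entropy source at %s\n", dev);
        return 1;
    }
    printf("read %zu seed bytes from %s\n", sizeof seed, dev);
    return 0;
}
```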
