apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Martin <phi...@codematters.co.uk>
Subject Re: Hash collision vectors in APR?
Date Fri, 13 Jan 2012 10:32:49 GMT
Chris Darroch <chrisd@pearsoncmg.com> writes:

>   The other question, I suppose, is whether there's a hit to performance
> from apr_generate_random_bytes() call.  Without having tested explicitly,
> it looks like the default case for modern Linux is APR_HAS_RANDOM=1 and
> DEV_RANDOM=/dev/random, with /dev/random blocking when there's no entropy.
> That might, I think, cause apr_hash_make() to block unexpectedly for
> callers.

I'm not sure how Linux distributors configure things, but APR itself
defaults to /dev/urandom.  From

http://svn.apache.org/repos/asf/apr/apr/trunk/configure.in

    # prefer /dev/arandom, which does; see random(4).
    for f in /dev/arandom /dev/urandom /dev/random; do

As far as I can tell on FreeBSD /dev/random doesn't block:

http://www.freebsd.org/cgi/man.cgi?query=random&apropos=0&sektion=4&manpath=FreeBSD+9.0-RELEASE&arch=default&format=html

I don't think apr_hash_make should be trying to second guess
apr_generate_random_bytes.

-- 
Philip

Mime
View raw message