apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject apr_generate_random_bytes() - secure or pseudo?
Date Fri, 16 Nov 2012 11:59:20 GMT
Hi all,

The docs for apr_generate_random_bytes() just say "Generate random bytes.", but don't say
what kind of random bytes are being generated, secure or pseudo?

Obviously the newer apr_random_secure_bytes() and apr_random_insecure_bytes() make this clear,
but the older call doesn't.

A look at the source shows that on Unix, we either use /dev/random, EGD-compatible socket
daemon, or truerand, implying that we are generating secure bytes.

Is it correct to amend the docs to something like:

"Generate secure random bytes.

Randomness is obtained from /dev/random, an EGD compatible socket daemon, or the truer and
interface, depending on the platform."

Regards,
Graham
--


Mime
View raw message