brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aledsage <...@git.apache.org>
Subject [GitHub] incubator-brooklyn pull request: change default value for JcloudsL...
Date Thu, 21 Aug 2014 17:08:47 GMT
Github user aledsage commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/117#issuecomment-52950989
  
    All very interesting! I think we need a security expert!
    
    http://www.2uo.de/myths-about-urandom/ quotes folk like http://en.wikipedia.org/wiki/Daniel_J._Bernstein
to suggest that urandom is not that bad (usually).
    
    What we would want to check though is the case where the randomness pool has never been
initialized (e.g. by checking `cat /proc/sys/kernel/random/entropy_avail`).
    
    I like the idea of using `haveged` to add some additional entropy so that CSPRNG re-seeds,
but using `/dev/urandom` seems not too bad.
    
    I want a real security expert to answer this question though, and until then we must play
it safe (i.e. stick with /dev/random as the default).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message