Return-Path: X-Original-To: apmail-brooklyn-dev-archive@minotaur.apache.org Delivered-To: apmail-brooklyn-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EC78E11B8B for ; Thu, 21 Aug 2014 17:09:12 +0000 (UTC) Received: (qmail 75920 invoked by uid 500); 21 Aug 2014 17:09:12 -0000 Delivered-To: apmail-brooklyn-dev-archive@brooklyn.apache.org Received: (qmail 75892 invoked by uid 500); 21 Aug 2014 17:09:12 -0000 Mailing-List: contact dev-help@brooklyn.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@brooklyn.incubator.apache.org Delivered-To: mailing list dev@brooklyn.incubator.apache.org Received: (qmail 75873 invoked by uid 99); 21 Aug 2014 17:09:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Aug 2014 17:09:12 +0000 X-ASF-Spam-Status: No, hits=-2000.7 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 21 Aug 2014 17:08:50 +0000 Received: (qmail 72094 invoked by uid 99); 21 Aug 2014 17:08:48 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Aug 2014 17:08:48 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id CB9ED9C08D5; Thu, 21 Aug 2014 17:08:47 +0000 (UTC) From: aledsage To: dev@brooklyn.incubator.apache.org Reply-To: dev@brooklyn.incubator.apache.org References: In-Reply-To: Subject: [GitHub] incubator-brooklyn pull request: change default value for JcloudsL... Content-Type: text/plain Message-Id: <20140821170847.CB9ED9C08D5@tyr.zones.apache.org> Date: Thu, 21 Aug 2014 17:08:47 +0000 (UTC) X-Virus-Checked: Checked by ClamAV on apache.org Github user aledsage commented on the pull request: https://github.com/apache/incubator-brooklyn/pull/117#issuecomment-52950989 All very interesting! I think we need a security expert! http://www.2uo.de/myths-about-urandom/ quotes folk like http://en.wikipedia.org/wiki/Daniel_J._Bernstein to suggest that urandom is not that bad (usually). What we would want to check though is the case where the randomness pool has never been initialized (e.g. by checking `cat /proc/sys/kernel/random/entropy_avail`). I like the idea of using `haveged` to add some additional entropy so that CSPRNG re-seeds, but using `/dev/urandom` seems not too bad. I want a real security expert to answer this question though, and until then we must play it safe (i.e. stick with /dev/random as the default). --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---