httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Life is hard, and then you die." <ron...@innovation.ch>
Subject Re: Updated mod_digest
Date Fri, 25 Dec 1998 03:44:32 GMT

One day, Lars Eilebrecht wrote:
> 
> According to Ronald Tschalär:
> 
> >  I've mentioned that I've been working on a new version of mod_digest, so
> >  here it is.
> 
> I just applied your patch and tried to test it, but unfortunately
> httpd doesn't start up correctly...
> 
> It outputs the message "generating secret for digest authentication"
> to the error log and starts to hog the cpu after a call to setitimer().

Yes, that's the way truerand works: it sets up a timer (16 ms) and then
does a tight loop in which it just increments a counter. The count is
then hashed up and the whole thing repeated 22 times. This generates
one byte. To generate 20 bytes therefore takes about 7 to 8 seconds.

> strace reveals the following:
> 
>  [...]
>  write(16, "httpd: [Wed Dec 23 23:24:53 1998"..., 91) = 91
>  sigaction(SIGALRM, {0x80a14c0, [], SA_NOCLDSTOP|0x36}, {SIG_DFL}) = 0
>  setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 16665}},
>   {it_interval={0, 0}, it_value={0, 0}}) = 0
>  --- SIGALRM (Alarm clock) ---
>  sigaction(SIGALRM, {0x80a14c0, [], SA_STACK|0x628e0}, {0x80a14c0, [],
>   SA_STACK|0x4a4e0}) = 0
>  setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 16665}},
>   {it_interval={0, 0}, it_value={0, 0}}) = 0

Doesn't it ever get out of this?

If anybody knows a better (i.e. faster) random number generator that
would be great. But it must be cryptographically strong.

Note that this is only run once at startup and is just used to seed the
actual random number generator (which is a SHA-1 of this seed, the time,
and a few other things).


  Cheers,

  Ronald


Mime
View raw message