httpd-dev mailing list archives

From "Life is hard, and then you die." <ron...@innovation.ch>
Subject Re: Updated mod_digest
Date Mon, 28 Dec 1998 08:23:50 GMT

On Mon, 28 Dec 1998, "Ralf S. Engelschall" <rse@engelschall.com> wrote:

> > Hmm, yes, that looks pretty good. Thanks for the tip. One question: if
> > this device exists, does it always produce something reasonable? I.e.
> > is a test for the existence of this device sufficient? I thought I
> > overheard something somewhere that sometimes /dev/random is just a
> > dummy device.
> 
> Be careful with /dev/random. I've tried to use it in mod_ssl for SSLeay's
> "ssleay genrsa" command and it worked fine under FreeBSD's /dev/random. But
> after releasing it, we discovered that although some Linux platforms have
> /dev/random it works slightly differently there. At least "ssleay genrsa" hung
> on these systems. I've not looked inside SSLeay's genrsa command, but when you
> want to use it, perhaps you should do it first. I'm sure either SSLeay's
> genrsa command uses it incorrectly or the /dev/random on those Linux
> platforms was broken. Let's hope the first is the case...

Yes, using /dev/random will "hang" if not enough entropy has been
acquired - /dev/urandom will not hang (but will return a "less" random
value).

I haven't looked at genrsa in detail, but if it needs a lot of bytes
then that could be a problem. I'm thinking that the 20 bytes needed for
mod_digest shouldn't be too much of a problem. Of course, one could
let the user choose whether to use /dev/random or /dev/urandom.


  Cheers,

  Ronald
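
An added example, not part of the original message and not code from mod_digest or SSLeay: one way to gather the 20 bytes discussed above without the hang, by opening the device non-blocking, rejecting paths that are not character devices or that return no data, and falling back to /dev/urandom only when configured to. The names read_random_device, gather_seed and allow_urandom are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define SEED_LEN 20  /* the 20 bytes the message mentions for mod_digest */

/* Read exactly len bytes from a random device without ever blocking.
 * Returns 0 on success, 1 if the device would block (not enough entropy),
 * -1 if the path is unusable (missing, not a char device, EOF, I/O error). */
int read_random_device(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int rc = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;              /* a regular file at that path is rejected */
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;   /* short reads are normal; keep going */
        } else if (n < 0 && errno == EINTR) {
            continue;           /* interrupted by a signal; retry */
        } else {
            /* EAGAIN: pool is empty. n == 0: a dummy device with no data. */
            rc = (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) ? 1 : -1;
            break;
        }
    }
    close(fd);
    return rc;
}

/* Hypothetical policy: prefer /dev/random, fall back to /dev/urandom only
 * when the administrator allows it. Returns 0 on success, -1 otherwise. */
int gather_seed(unsigned char seed[SEED_LEN], int allow_urandom)
{
    int rc = read_random_device("/dev/random", seed, SEED_LEN);
    if (rc != 0 && allow_urandom)
        rc = read_random_device("/dev/urandom", seed, SEED_LEN);
    return rc == 0 ? 0 : -1;
}
```

The character-device and EOF checks catch a missing or empty device but cannot prove that the bytes returned are unpredictable.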

