httpd-dev mailing list archives

From "Ralf S. Engelschall" <...@engelschall.com>
Subject Re: Updated mod_digest
Date Mon, 28 Dec 1998 07:33:25 GMT

In article <199812280456.FAA15111@chill.innovation.ch> you wrote:

>> >  If anybody knows a better (i.e. faster) random number generator that
>> >  would be great. But it must be cryptographically strong.
>> 
>> On some systems (Linux, BSD etc.) you can use /dev/random if it exists.

> Hmm, yes, that looks pretty good. Thanks for the tip. One question: if
> this device exists, does it always produce something reasonable? I.e.
> is a test for the existence of this device sufficient? I thought I
> overheard something somewhere that sometimes /dev/random is just a
> dummy device.

Be careful with /dev/random. I've tried to use it in mod_ssl for SSLeay's
"ssleay genrsa" command and it worked fine under FreeBSD's /dev/random. But
after releasing it, we discovered that although some Linux platforms have
/dev/random, it works slightly differently there. At least "ssleay genrsa" hung
on these systems. I've not looked inside SSLeay's genrsa command, but when you
want to use it, perhaps you should do it first. I'm sure either SSLeay's
genrsa command uses it incorrectly or the /dev/random on those Linux
platforms was broken. Let's hope the first is the case...

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
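
An added example, not part of the original thread and not mod_digest or SSLeay code: one way to address both concerns raised above, that testing for the existence of /dev/random is not sufficient and that a read from it can hang. The function names and status codes are assumptions of this example; it uses only POSIX calls.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Status codes are this example's own, not from any library. */
enum { RND_OK = 0, RND_MISSING = -1, RND_NOT_CHARDEV = -2,
       RND_TIMEOUT = -3, RND_DUMMY = -4, RND_IOERR = -5 };

/* Fill buf with len bytes from path, waiting at most timeout_ms per read. */
int read_random(const char *path, unsigned char *buf, size_t len, int timeout_ms)
{
    struct stat st;
    size_t got = 0, i;
    int rc = RND_OK, same = 1;
    int fd = open(path, O_RDONLY | O_NONBLOCK);  /* never block in open or read */
    if (fd < 0) return errno == ENOENT ? RND_MISSING : RND_IOERR;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        rc = RND_NOT_CHARDEV;                    /* plain file, directory, ... */
    while (rc == RND_OK && got < len) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int n = poll(&p, 1, timeout_ms);
        ssize_t r = n > 0 ? read(fd, buf + got, len - got) : -1;
        if (n == 0) rc = RND_TIMEOUT;            /* no data yet: report, don't hang */
        else if (r == 0) rc = RND_DUMMY;         /* EOF, as /dev/null gives */
        else if (r > 0) got += (size_t)r;
        else if (errno != EINTR && errno != EAGAIN) rc = RND_IOERR;
    }
    close(fd);
    /* Heuristic only: rejects constant output; it does not prove strength. */
    for (i = 1; rc == RND_OK && same && i < len; i++)
        same = (buf[i] == buf[0]);
    if (rc == RND_OK && same && len >= 16) rc = RND_DUMMY;
    return rc;
}

int probe_random(const char *path, int timeout_ms)  /* draw 32 bytes, discard */
{
    unsigned char buf[32];
    return read_random(path, buf, sizeof buf, timeout_ms);
}

int main(void)
{
    printf("/dev/urandom -> %d\n", probe_random("/dev/urandom", 2000));
    return 0;
}
```

A caller that gets RND_TIMEOUT can fall back to another source or fail closed rather than stall the server.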
