httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <c...@force-elite.com>
Subject Re: svn commit: r629164 - /httpd/httpd/trunk/support/htpasswd.c
Date Tue, 19 Feb 2008 19:15:55 GMT
André Malo wrote:
> * pquerna@apache.org wrote:
> 
>> Author: pquerna
>> Date: Tue Feb 19 09:05:26 2008
>> New Revision: 629164
>>
>> URL: http://svn.apache.org/viewvc?rev=629164&view=rev
>> Log:
>> Improve generation of the seed to rand, by using
>> apr_generate_random_bytes, rather than the current time as a seed.
> 
> Wouldn't it make more sense to drop all that seed and rand hassle and just 
> use the apr-random bytes directly as salt (alphabet[byte % len(alphabet)])

I guess so....

apr-random though has this nasty habit of using really random sources, 
and using all entropy on a system, and I'd prefer to not use it more 
than needed.....  As this has been the source of pain and several bug 
reports in the past....

-Paul



Mime
View raw message