httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: how to avoid balancer manager nonce?
Date Sat, 01 Sep 2012 19:13:02 GMT

On Sep 1, 2012, at 12:39 PM, Ben Laurie <ben@links.org> wrote:

> On Sat, Sep 1, 2012 at 4:47 PM, Jim Jagielski <jim@jagunet.com> wrote:
>> Another alternative would be to have the nonce also possibly
>> set at config-time and, if unset, then use the uuid. That way
>> it could also be used as a sort of shared-secret ;)
>> 
>>        ProxySet nonce="applepie!"
>> 
>> Longer term, I think that's a more "strategic" solution.
> 
> What? Nonces are one-time use only, by definition.
> 

Then we change the name from "nonce" to something else... Preventing
or arguing against a solid, reliable fix and enhancement because
it's called something is pretty bogus.

Or the other thing, other than renaming it, is to not be so
pedantic... after all, how long did we have 'MaxRequestsPerChild'? ;)

> Better, IMO, would be to either use insecure random, or, better still,
> seed a PRNG from secure random once and use that from then on (for all
> randomness).
> 
> Or switch to FreeBSD where /dev/random does not block :-)
> 
>> On Aug 31, 2012, at 2:14 PM, Stefan Fritsch <sf@sfritsch.de> wrote:
>> 
>>> On Friday 31 August 2012, Eric Covener wrote:
>>>> I'm fighting a problem on new releases of AIX where in some
>>>> environments, /dev/random seems to run out of entropy way too
>>>> quick.
>>>> 
>>>> I'd like a way to suppress the apr_uuid_get->
>>>> apr_generate_random_bytes() in mod_proxy_balancer used for the
>>>> balancer-manager nonce in affected environments.
>>>> 
>>>> I was thinking a global "BalancerManager off" could be used for
>>>> this and would also have the upside of fixing the SetHandler
>>>> htaccess problem.
>>>> 
>>>> Alternatives would be to find a weaker source for the nonce, or
>>>> allow tto opt out / use a hard-coded one.
>>>> 
>>>> Any suggestions?
>>> 
>>> For 2.4, you could use ap_random_insecure_bytes(). It should be good
>>> enough for a nonce.
>>> 
>>> If you add a "BalancerManager off", it should be per directory, or at
>>> least per vhost. Otherwise it would not help that much with the
>>> SetHandler htaccess problem.
>>> 
>> 
> 


Mime
View raw message