Posted to dev@httpd.apache.org by Ben Laurie <be...@algroup.co.uk> on 1999/08/14 14:30:59 UTC

Re: cvs commit: apache-1.3/src/modules/experimental mod_auth_digest.c Makefile.tmpl

"Life is hard, and then you die." wrote:
> 
> Ralf Engelschall wrote:
> >
> > In article <19...@hyperreal.org> you wrote:
> > > ronald      99/08/08 15:34:25
> > >
> > > [...]
> > >       RULE_DEV_RANDOM=`./helpers/CutRule DEV_RANDOM $file`
> > >       if [ "$RULE_DEV_RANDOM" = "default" ]; then
> > >       if [ -r "/dev/random" ]; then
> > >           RULE_DEV_RANDOM="/dev/random"
> > >       elif [ -r "/dev/urandom" ]; then
> > >           RULE_DEV_RANDOM="/dev/urandom"
> > >       else
> > >           RULE_DEV_RANDOM="truerand"
> >
> > Hmmm... are you sure it's a good decision to prefer /dev/random over
> > /dev/urandom unless you're reading in non-blocking mode from this device? I
> > know /dev/random provides the required entropy while /dev/urandom might not,
> > but /dev/random will block Apache (possibly for _VERY_ long!) when not enough
> > entropy is available. IMHO the order should be /dev/urandom -> /dev/random ->
> > truerand. This order then goes from the weakest to the strongest and also from
> > the fastest to the slowest.
> 
> Yes, I'm aware that /dev/random will block. In my experience that
> seldom happens, though. 20 bytes is not that much, and a system with
> no mouse movements generates about 1 byte of entropy a second, so you
> would have a worst case delay of about 20 seconds (assuming you don't
> have other processes reading /dev/random too). I decided to do it in
> that order because I put more weight on getting a good seed. The
> decision is arguable, though.
> 
> Btw., I'm not sure that truerand is stronger than /dev/random - I think it
> might be the other way around. It'd be interesting to compare.

In my experience truerand is not very random at all.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
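
The non-blocking read Ralf mentions, as an added example that is not part of the original thread or of mod_auth_digest: it tries /dev/random first without waiting, then tops up any shortfall from /dev/urandom. The function names and the top-up policy are assumptions made for illustration, and the truerand fallback is not modelled.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define SEED_LEN 20 /* seed size quoted in the thread */

/* Read up to len bytes from path without ever blocking. Returns the number
 * of bytes obtained (possibly fewer than len), or -1 if open() fails. */
static ssize_t read_nonblock(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;   /* interrupted by a signal: retry */
        else
            break;      /* EAGAIN (pool drained), EOF or error: do not wait */
    }
    close(fd);
    return (ssize_t)got;
}

/* Fill seed[SEED_LEN] from the sources in order, topping up from the next
 * one when a source runs dry. Returns 0 on a full seed, -1 otherwise. */
int gather_seed(const char *const *sources, size_t nsources, unsigned char *seed)
{
    size_t have = 0;
    for (size_t i = 0; i < nsources && have < SEED_LEN; i++) {
        ssize_t n = read_nonblock(sources[i], seed + have, SEED_LEN - have);
        if (n > 0)
            have += (size_t)n;
    }
    return have == SEED_LEN ? 0 : -1;
}

int main(void)
{
    const char *const order[] = { "/dev/random", "/dev/urandom" };
    unsigned char seed[SEED_LEN];
    int rc = gather_seed(order, 2, seed);
    puts(rc == 0 ? "seed gathered without blocking" : "no entropy device");
    return rc == 0 ? 0 : 1;
}
```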