[kudu-CR] KUDU-1843. Client UUIDs should be cryptographically random

["Todd Lipcon (Code Review)" <ge...@cloudera.org>]

Todd Lipcon has posted comments on this change.

Change subject: KUDU-1843. Client UUIDs should be cryptographically random
......................................................................


Patch Set 1:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/6347/1/src/kudu/security/crypto-test.cc
File src/kudu/security/crypto-test.cc:

PS1, Line 257: for (int i = 0; i < 5; i++) {
> nit: would running this for 100 iters or something increase meaningfully ch
nah, I don't think so. With 128-bit strings as we're using here, we'd need 10^16 iterations to reach a one-in-a-million chance of collision :) (https://en.wikipedia.org/wiki/Birthday_problem)


http://gerrit.cloudera.org:8080/#/c/6347/1/src/kudu/security/crypto.cc
File src/kudu/security/crypto.cc:

PS1, Line 258: std::
> Nit: don't need
Done


Line 264:   OPENSSL_RET_NOT_OK(RAND_bytes(buf.data(), bytes), "failed to generate random bytes");
> I'm looking at https://wiki.openssl.org/index.php/Random_Numbers#Initializa
https://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key says that urandom is suitably random for this type of application. That's also the advice I've read in other recent sources


-- 
To view, visit http://gerrit.cloudera.org:8080/6347
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I0ea6868773cf046944f70c32c647184e4b48c772
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: David Ribeiro Alves <dr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes