Posted to dev@apr.apache.org by it...@iijlab.net on 2002/06/16 14:35:12 UTC
random number generator
on unix platforms, apr shipped with httpd 2.0.36 asks for truly-
random number (/dev/random) instead of so-so random number
(/dev/urandom). question: is it really necessary to require
/dev/random instead of /dev/urandom? if not, does the following patch
make sense?
(i noticed this because it took more than 1 minute for httpd to start up)
itojun
--- httpd-2.0.36/srclib/apr/configure.in- Sun Jun 16 21:34:12 2002
+++ httpd-2.0.36/srclib/apr/configure.in Sun Jun 16 21:34:26 2002
@@ -1450,13 +1450,13 @@
dnl #----------------------------- Checking for /dev/random
AC_MSG_CHECKING(for /dev/random)
-if test -r "/dev/random"; then
- AC_DEFINE(DEV_RANDOM, [/dev/random])
- AC_MSG_RESULT(/dev/random)
- rand="1"
-elif test -r "/dev/urandom"; then
+if test -r "/dev/urandom"; then
AC_DEFINE(DEV_RANDOM, [/dev/urandom])
AC_MSG_RESULT(/dev/urandom)
+ rand="1"
+elif test -r "/dev/random"; then
+ AC_DEFINE(DEV_RANDOM, [/dev/random])
+ AC_MSG_RESULT(/dev/random)
rand="1"
else
case $host in
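Review bot: swapping the if/elif order makes /dev/urandom the build-time choice on every host where both devices are readable, and nothing in the hunk lets a builder select /dev/random again short of editing configure.in. Consider keeping the existing order as the default and choosing the device through a configure argument instead. Also, the "dnl #--- Checking for /dev/random" comment and AC_MSG_CHECKING(for /dev/random) are left unchanged, so the configure output still announces a check for /dev/random while /dev/urandom is now tested first; a device-neutral message would match what the test does.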
Re: random number generator
Posted by Cliff Woolley <jw...@virginia.edu>.
On Mon, 17 Jun 2002, hiroyuki hanai wrote:
> Ben Laurie wrote:
> > > you can specify with a ./configure argument which one you want. It will
> > > be part of 2.0.38.
> >
> > I still say it should be runtime configurable.
>
> I strongly agree with Ben.
Well, so do I. But somebody's got to sit down and code the thing. :)
What we have now is better than what we had before, but that's not to say
it couldn't be better still.
--Cliff
Re: random number generator
Posted by hiroyuki hanai <ha...@imgsrc.co.jp>.
Ben Laurie wrote:
> > you can specify with a ./configure argument which one you want. It will
> > be part of 2.0.38.
>
> I still say it should be runtime configurable.
I strongly agree with Ben.
hiro hanai
Re: random number generator
Posted by Ben Laurie <be...@algroup.co.uk>.
Cliff Woolley wrote:
> On Sun, 16 Jun 2002 itojun@iijlab.net wrote:
>
>
>> on unix platforms, apr shipped with httpd 2.0.36 asks for truly-
>> random number (/dev/random) instead of so-so random number
>> (/dev/urandom). question: is it really necessary to require
>> /dev/random instead of /dev/urandom? if not, does the following patch
>> make sense?
>
>
> We already had a big debate about this. We decided it's best not to pick
> the least secure option by default, so the patch below (which I already
> wrote :), isn't the way to go. Instead, I overhauled that whole system so
> you can specify with a ./configure argument which one you want. It will
> be part of 2.0.38.
I still say it should be runtime configurable.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
Re: random number generator
Posted by di...@covalent.net.
On Sun, 16 Jun 2002, Cliff Woolley wrote:
> On Sun, 16 Jun 2002 itojun@iijlab.net wrote:
>
> > on unix platforms, apr shipped with httpd 2.0.36 asks for truly-
> > random number (/dev/random) instead of so-so random number
> > (/dev/urandom). question: is it really necessary to require
> > /dev/random instead of /dev/urandom? if not, does the following patch
> > make sense?
>
> We already had a big debate about this. We decided it's best not to pick
> the least secure option by default, so the patch below (which I already
> wrote :), isn't the way to go. Instead, I overhauled that whole system so
> you can specify with a ./configure argument which one you want. It will
> be part of 2.0.38.
Though of course; RUNtime is what people who use our binary distribution
really want (and what 'I' want - just like for the HTTP filtering stuff;
as often the dev box you compile things on is not equal to the sub
standard boxes you deploy on).
Dw
Re: random number generator
Posted by Cliff Woolley <jw...@virginia.edu>.
On Sun, 16 Jun 2002 itojun@iijlab.net wrote:
> on unix platforms, apr shipped with httpd 2.0.36 asks for truly-
> random number (/dev/random) instead of so-so random number
> (/dev/urandom). question: is it really necessary to require
> /dev/random instead of /dev/urandom? if not, does the following patch
> make sense?
We already had a big debate about this. We decided it's best not to pick
the least secure option by default, so the patch below (which I already
wrote :), isn't the way to go. Instead, I overhauled that whole system so
you can specify with a ./configure argument which one you want. It will
be part of 2.0.38.
--Cliff