On Wed, Oct 15, 2008 at 1:13 PM, Juan Lang juan.lang@gmail.com wrote:
Let me know if you think the fallback is a bad idea, or if a FIXME is more appropriate than a WARN here.
--Juan
FWIW: http://en.wikipedia.org/wiki/Urandom
"/dev/random and /dev/urandom are also available on Solaris, Mac OS X, NetBSD, OpenBSD, Tru64 UNIX 5.1B, AIX 5.2, and HP-UX 11i v2, however as with FreeBSD, AIX implements its own Yarrow-based design which uses considerably less entropy sources than the standard /dev/random implementation and stops refilling the pool when it thinks it contains enough entropy.[2]"
"A software program called EGD (entropy gathering daemon) is a common alternative for Unix systems which do not support the /dev/random device. It is a user space daemon which provides high quality cryptographic random data. Some cryptographic software such as OpenSSL, GNU Privacy Guard, and the Apache HTTP Server support using EGD when a /dev/random device is not available."
Hi Austin,
(snip)
"A software program called EGD (entropy gathering daemon) is a common alternative for Unix systems which do not support the /dev/random device.
Yep, I know. The problem with using EGD is that there isn't a standard path to it. Because /dev/urandom is so commonly available, adding a configuration option and code for such a rarely used feature didn't seem worth it.
Thanks, --juan
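The point about device paths, as an added sketch that is not code from the patch under discussion: the random source is read from a caller-supplied list of candidate paths, and failure is reported when none is usable so the caller decides whether to warn or abort. The names `read_device` and `fill_random` and the path list are assumptions for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: fill buf from one device; 0 on success, -1 on failure. */
static int read_device(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NOCTTY);

    if (fd < 0)
        return -1;
    /* Refuse anything that is not a character device (regular file,
     * directory, FIFO). This checks the file type only, not its quality. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;   /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        else
            break;              /* EOF or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Try each candidate path in order; return the index of the path that
 * supplied all len bytes, or -1 if none did. */
int fill_random(const char *const *paths, size_t npaths,
                unsigned char *buf, size_t len)
{
    size_t i;

    for (i = 0; i < npaths; i++)
        if (read_device(paths[i], buf, len) == 0)
            return (int)i;
    return -1;  /* no usable source: the caller must treat this as an error */
}
```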