Skip site navigation (1) Skip section navigation (2)

Re: SSL (patch 5)

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Bear Giles <bgiles(at)coyotesong(dot)com>, pgsql-patches(at)postgresql(dot)org
Subject: Re: SSL (patch 5)
Date: 2002-05-27 22:14:44
Message-ID: 200205272214.QAA10980@eris.coyotesong.com (view raw or flat)
Thread:
Lists: pgsql-patches
> Bear Giles writes:
> 
> > Patch to add initialization from entropy source, either a
> > file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> > /dev/urandom device.
> 
> I seem to recall that OpenSSL handles generating appropriate randomness
> itself.

That's been an ongoing problem, and something may be done in 0.9.7.
But all of the sample implementations still show the use of explicit
initialization code, so that's why I added it.

> So far we've reject these kinds of attempts to do it ourselves.
> How does it work now?

The failure mode isn't that SSL stops, it's that it's easier for
an attacker to guess the next number that the PRNG will produce.
This can a big problem for high-volume servers.

Bear

In response to

Responses

pgsql-patches by date

Next:From: Neil ConwayDate: 2002-05-27 23:10:53
Subject: Re: COPY and default values
Previous:From: Christopher Kings-LynneDate: 2002-05-27 22:11:38
Subject: Re: SRF rescan testing

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group