Re: Porting issue with openssl and no /dev/random

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruno Wolff III <bruno(at)cerberus(dot)csd(dot)uwm(dot)edu>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Porting issue with openssl and no /dev/random
Date: 2001-10-30 15:13:27
Message-ID: 20525.1004454807@sss.pgh.pa.us
Lists: pgsql-bugs
Bruno Wolff III <bruno(at)cerberus(dot)csd(dot)uwm(dot)edu> writes:
> It looks like they consider not running without seeding the PRNG a feature
> and that this isn't something likely to change soon.

One man's feature is another man's bug, I'd say.  How can they consider
it a good decision to leave it to the application to solve this problem?
Especially when they *do* solve the seeding problem on some platforms?
Their stance is completely inconsistent.  If they're concerned about
preventing use of predictable seeds, the last thing they should want to
do is allow a surrounding application to apply a sloppy solution (like
the constant seed you just suggested).  They should think of the best
solution they can, and embody it in their library.  There is *no* chance
that an application developer is going to invent a better way on the
spur of the moment, and every chance that he'll blow a mile-wide hole
in the security of their library.

Grumble.  

			regards, tom lane
