Skip site navigation (1) Skip section navigation (2)

Re: libpq seed PRNG for SSL support

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jon Marks <j-marks(at)uiuc(dot)edu>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: libpq seed PRNG for SSL support
Date: 2002-01-11 18:36:19
Message-ID: 276.1010774179@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
Jon Marks <j-marks(at)uiuc(dot)edu> writes:
> The best solution seems to be building more flexible PRNG initialization
> into libpq itself.

The thing that sticks in my craw about OpenSSL's approach to this is
that they assume application programmers (or database interface library
programmers, in this case) know more about how to find a suitable source
of randomness than the OpenSSL library does.  That strikes me as
completely wrong, not to say an abdication of responsibility for correct
operation of their library.  If it's a hard problem, why do they think
that application programmers (who presumably know little about crypto)
are more likely to get it right than they are?

I have heard that the next release of OpenSSL is going to fix this
problem, and so I'm not inclined to patch around it in our code.

			regards, tom lane

In response to

pgsql-patches by date

Next:From: Rick FlowerDate: 2002-01-12 01:45:06
Subject: Patches for AIX builds..
Previous:From: Bruce MomjianDate: 2002-01-11 06:09:55
Subject: Re: pg_upgrade

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group