Skip site navigation (1) Skip section navigation (2)

Re: SSL (patch 5)

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Bear Giles <bgiles(at)coyotesong(dot)com>, pgsql-patches(at)postgresql(dot)org
Subject: Re: SSL (patch 5)
Date: 2002-05-27 22:14:44
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
> Bear Giles writes:
> > Patch to add initialization from entropy source, either a
> > file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> > /dev/urandom device.
> I seem to recall that OpenSSL handles generating appropriate randomness
> itself.

That's been an ongoing problem, and something may be done in 0.9.7.
But all of the sample implementations still show the use of explicit
initialization code, so that's why I added it.

> So far we've reject these kinds of attempts to do it ourselves.
> How does it work now?

The failure mode isn't that SSL stops, it's that it's easier for
an attacker to guess the next number that the PRNG will produce.
This can a big problem for high-volume servers.


In response to


pgsql-patches by date

Next:From: Neil ConwayDate: 2002-05-27 23:10:53
Subject: Re: COPY and default values
Previous:From: Christopher Kings-LynneDate: 2002-05-27 22:11:38
Subject: Re: SRF rescan testing

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group