Re: [PATCH] using arc4random for strong randomness matters.

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: ilmari(at)ilmari(dot)org (Dagfinn Ilmari Mannsåker)
Cc: David CARLIER <devnexen(at)gmail(dot)com>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] using arc4random for strong randomness matters.
Date: 2017-11-22 17:34:36
Message-ID: 25920.1511372076@sss.pgh.pa.us
Lists: pgsql-hackers

ilmari(at)ilmari(dot)org (Dagfinn Ilmari Mannsåker) writes:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>> More generally, why should we bother with an additional implementation?
>> Is this better than /dev/urandom, and if so why?

> If what is wanted is something more like /dev/urandom, one can call
> getentropy(2) (or on Linux, getrandom(2)) directly, which avoids having
> to open the device file each time.

I dunno, it seems like this is opening us to a new set of portability
hazards (ie, sub-par implementations of arc4random) with not much gain to
show for it.

IIUC, what this code actually does is reseed itself from /dev/urandom
every so often and work from a PRNG in between. That's not a layer that
we need, because the code on top is already designed to cope with the
foibles of /dev/urandom --- or, to the extent it isn't, that's something
we have to fix anyway. So it seems like having this optionally in place
just reduces what we can assume about the randomness properties of
pg_strong_random output, which doesn't seem like a good idea.

regards, tom lane
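The getentropy(2)-versus-/dev/urandom choice discussed in this thread, as an added example that is not part of the thread or of PostgreSQL's own pg_strong_random code: it assumes a platform that provides getentropy(2) via <sys/random.h> (glibc 2.25+, musl, OpenBSD, macOS) and a readable /dev/urandom, and the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <string.h>
#include <sys/random.h>   /* getentropy(2): glibc >= 2.25, musl, OpenBSD, macOS */
#include <unistd.h>
/* Fallback path: read exactly len bytes from /dev/urandom, coping with
 * short reads and EINTR. Fails (never pads) if the device is unusable. */
bool random_from_urandom(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return false;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return false; }   /* error or EOF */
        p += n;
        len -= (size_t) n;
    }
    close(fd);
    return true;
}

/* Preferred path: getentropy(2) needs no device file, so it keeps working
 * with exhausted fds or in a chroot without /dev. Each call is capped at
 * 256 bytes, hence the loop; only if the call itself fails (e.g. ENOSYS
 * on an old kernel) do we fall back to the device. */
bool strong_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    for (size_t left = len; left > 0; ) {
        size_t chunk = left > 256 ? 256 : left;
        if (getentropy(p, chunk) != 0)
            return random_from_urandom(buf, len);
        p += chunk;
        left -= chunk;
    }
    return true;
}

/* Self-check: a 300-byte draw on each path (exercising the chunking)
 * succeeds, is not all zero, and the two draws differ. */
bool random_self_check(void)
{
    unsigned char a[300], b[300], zero[300] = {0};
    return strong_random(a, sizeof a) && random_from_urandom(b, sizeof b) &&
           memcmp(a, zero, sizeof a) != 0 && memcmp(a, b, sizeof a) != 0;
}
```

Note that neither path adds a userspace PRNG layer: every byte handed back comes straight from the kernel, which is the property the discussion above wants pg_strong_random callers to be able to assume.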
