| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Support getrandom() for pg_strong_random() source |
| Date: | 2025-07-30 15:10:16 |
| Message-ID: | e7f45075-4078-4d5c-923e-9cd8c3703050@eisentraut.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 30.07.25 13:55, Daniel Gustafsson wrote:
>> The point still stands that the number of installations without OpenSSL support is approximately zero, so what is the purpose of this patch if approximately no one will be able to use it?
> The main usecase I've heard discussed (mostly in hallway tracks IIRC) is to
> allow multiple PRNG's so that codepaths which favor performance over
> cryptographic properties can choose, this would not be that but a small step on
> that path (whether or not that's the appropriate step is debatable).
This sounds like a reasonable goal. Intuitively, you want stronger
randomness for hashing a password than for generating UUIDs. Then
again, it's not clear how much stronger exactly. RFC 9562 does call for
"cryptographically secure" random numbers. Do we want multiple levels
of "strong" or "secure"? This needs a lot more analysis.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2025-07-30 15:37:38 | Re: Improve prep_buildtree |
| Previous Message | Jeff Davis | 2025-07-30 15:04:17 | Re: pg_dump --with-* options |