[PATCH] Always read from /dev/urandom
Jeremy Allison
jra at samba.org
Mon Oct 12 20:06:59 UTC 2015
On Mon, Oct 12, 2015 at 08:43:24PM +0200, Volker Lendecke wrote:
> On Tue, Oct 13, 2015 at 07:38:38AM +1300, Andrew Bartlett wrote:
> > The main risk would seem to be the abort() on lack of access to
> > /dev/urandom, it will be interesting to see if that finds places where
> > Samba fell back to poor internal entropy in the past.
>
> Right. But on the other hand -- why would open(/dev/urandom)
> ever fail?
I just did the cachegrind tests. Wow. On bin/genrandperf 1000000
there's a factor of *120* difference in instructions executed.
Plus /dev/urandom is reported as supported on:
Linux, FreeBSD, OpenBSD, Mac OS X, Solaris, NetBSD, Tru64 UNIX, AIX and
HP-UX.
https://en.wikipedia.org/wiki//dev/random
I wrote the original (now crappy) generate_random_buffer()
code. It was alright for its time, but its time has now
passed :-).
Reviewed-by: Jeremy Allison <jra at samba.org>
I'll push once the autobuild with Ralph's changes
goes through !
Jeremy.
More information about the samba-technical
mailing list