[PATCH] Update to the Samba crypto requirements document

Björn JACKE bj at SerNet.DE
Thu Jan 4 09:14:01 UTC 2018

On 2018-01-03 at 19:32 +0100 Volker Lendecke via samba-technical sent off:
> If we need the fallback code anyway, and the getentropy call does not
> prove a significant speed advantage, we should stick with the pretty
> portable read of /dev/urandom.

I don't see speed as the main advantage. The point that /dev/urandom isn't
required is a pro point, people who use chroot or selinux or apparmor or
simply jailbash might notice quite late that /dev/urandom access is needed at
some point. And a urandom device node can also only be created by root while an
unprivileged user can't.

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list