Weird pop3d hang problem (fd blocked?!)
John Alton Tamplin
jtampli at sph.emory.edu
Tue Jun 10 12:32:58 EDT 2003
foobar wrote:
>See the word *theoretically*; didn't urandom gather some data from
>network interfaces too, so it may be affected? Nobody knows when it takes
>data from device nr X.
>
>
My point was simply that before you decide to link random to urandom for the
sake of Cyrus, you should consider the impact that will have on other
applications that need random numbers. If others have access to your
machine and you are generating private keys, they could exhaust all the
entropy from /dev/random, read enough of /dev/urandom to determine the
position in the sequence, and then know what random numbers your key
generation code used. Granted, it is far-fetched and a lot of work, but
when you are building a key that will be used for years and could
compromise other keys if revealed, it pays to be safe.
>/dev/urandom appeared in Solaris since version 8 (patch). random's
>device number is 8 while urandom's is 9. What about if there is a
>config option for this device?
>
>
When you build SASL, just define -DDEV_RANDOM=/dev/urandom.
--
John A. Tamplin Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
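
An added example, not part of the original message and not Cyrus or SASL code: a small C probe that reports how many bytes a random device can supply without blocking, which is the behaviour behind the hang discussed in this thread. The function name `probe_random_device` and the 32-byte request are assumptions chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Try to read `want` bytes (capped at 256) from the device at `path`
 * without blocking. Returns the number of bytes obtained, which is short
 * when the device has nothing more to give right now, or -1 on error. */
int probe_random_device(const char *path, size_t want)
{
    unsigned char buf[256];
    size_t got = 0;
    int fd;

    if (want > sizeof buf)
        want = sizeof buf;
    fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal, retry */
        if (n < 0 && errno != EAGAIN && errno != EWOULDBLOCK) {
            close(fd);
            return -1;              /* real I/O error */
        }
        break;                      /* EAGAIN or EOF: a blocking read would stall here */
    }
    close(fd);
    return (int)got;
}

int main(int argc, char **argv)
{
    /* Device path is taken from the command line; /dev/random is the default. */
    const char *path = argc > 1 ? argv[1] : "/dev/random";
    int got = probe_random_device(path, 32);

    if (got < 0) { perror(path); return 2; }
    printf("%s: %d of 32 bytes available without blocking\n", path, got);
    return got == 32 ? 0 : 1;
}
```

A short count from `/dev/random` on an affected host means a daemon doing a blocking read from it would stall at that point.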