[TYPO3-core] RFC #9852: Feature: Provide a random byte generator in TYPO3 Core
Xavier Perseguers
typo3 at perseguers.ch
Sat Nov 29 09:14:36 CET 2008
Hi,
>
> + // /dev/urandom is available on many *nix systems and is considered
> + // the best commonly available pseudo-random source.
>
> On Linux /dev/random is considered the best PRNG [1], but it blocks if
> entropy pool is empty. /dev/urandom reuses the internal entropy pool to
> produce more pseudo-random bits, but the output may contain less entropy
> than the corresponding read from /dev/random. A 'cat' on both devices
> shows the difference.
>
> On FreeBSD /dev/random never blocks.
>
> Both devices are available in most Unixes.
>
> Maybe we should note in the comment that /dev/random would be better,
> but is not used in favor of a non blocking solution.
There was a (very) long discussion on this issue before OpenID sysext
was committed to trunk. Please consider using its code for accessing
/dev/random, /dev/urandom or any other random block device or fallback
to a PRNG.
If the solution used by OpenID is not the best, then at least its logic
of testing the platform and available devices *should* be used to
prevent Error 500, Notice or Warnings.
--
Xavier Perseguers
http://xavier.perseguers.ch/en
More information about the TYPO3-team-core
mailing list