[TYPO3-core] RFC #9852: Feature: Provide a random byte generator in TYPO3 Core
Christian Kuhn
lolli at schwarzbu.ch
Sat Nov 29 09:41:43 CET 2008
Hi,
Xavier Perseguers wrote:
>> + // /dev/urandom is available on many *nix systems and is considered
>> + // the best commonly available pseudo-random source.
>>
>> On Linux /dev/random is considered the best PRNG [1], but it blocks if
>> entropy pool is empty. /dev/urandom reuses the internal entropy pool to
>> produce more pseudo-random bits, but the output may contain less entropy
>> than the corresponding read from /dev/random. A 'cat' on both devices
>> shows the difference.
>>
>> On FreeBSD /dev/random never blocks.
>>
>> Both devices are available in most Unixes.
>>
>> Maybe we should note in the comment that /dev/random would be better,
>> but is not used in favor of a non blocking solution.
>
> There was a (very) long discussion on this issue before OpenID sysext
> was committed to trunk. Please consider using its code for accessing
> /dev/random, /dev/urandom or any other random block device or fallback
> to a PRNG.
I don't want to start this discussion all over. I'm fine with the
provided solution and gave my +1. For my, and probably most others use
cases /dev/urandom is sufficient, I would just like to see (and don't
insist on) a comment to state the difference to /dev/random.
Regards
Christian
More information about the TYPO3-team-core
mailing list