Entropy

Fabian Fagerholm fabbe at paniq.net
Tue Oct 24 18:05:59 UTC 2006


Hello,

There was a thread on the upstream mailing list a few weeks or so ago
that reminded me of the /dev/random vs. /dev/urandom issue.

To sum it up: /dev/random will block if your apps eat too much entropy.
SASL uses entropy for many things, so it will block if /dev/random
blocks. /dev/urandom doesn't block. The general advice seems to be
that /dev/urandom is fine for most tasks, even though the urandom man
page states that its numbers are cryptographically weaker
than /dev/random's. How much weaker is a matter of debate, and it has
been suggested that the difference is irrelevant in practice.

In Cyrus SASL, this choice is a build-time option. We currently use the
default, which is /dev/random. That might be fine on other systems (I
don't know), but it's not uncommon for /dev/random to block on a busy
Linux system.

Should we use /dev/urandom for our package?

-- 
Fabian Fagerholm <fabbe at paniq.net>
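
The blocking behaviour described in the message above can be observed on a given host with a non-blocking read. This is an added example, not part of the original post and not Cyrus SASL code; `read_entropy` is a hypothetical helper name, and whether /dev/random reports an empty pool depends on the kernel in use.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to len bytes from an entropy device without ever sleeping.
 * Returns bytes read, or -1 if the device cannot be opened or read.
 * *would_block is set to 1 if the kernel refused to hand out more
 * bytes right now (the case where a blocking reader would stall). */
ssize_t read_entropy(const char *path, unsigned char *buf, size_t len,
                     int *would_block)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);

    *would_block = 0;
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;          /* short reads are normal */
        } else if (n < 0 && errno == EINTR) {
            continue;                  /* interrupted by a signal, retry */
        } else if (n < 0 && errno == EAGAIN) {
            *would_block = 1;          /* pool empty: caller would stall */
            break;
        } else {
            close(fd);                 /* hard error or unexpected EOF */
            return -1;
        }
    }
    close(fd);
    return (ssize_t)got;
}

int main(void)
{
    const char *devs[] = { "/dev/random", "/dev/urandom" };
    unsigned char buf[64];

    for (int i = 0; i < 2; i++) {
        int wb;
        ssize_t n = read_entropy(devs[i], buf, sizeof buf, &wb);
        printf("%-13s got %zd of %zu bytes%s\n", devs[i], n, sizeof buf,
               wb ? " (a blocking read would have stalled here)" : "");
    }
    return 0;
}
```

A short count together with the stall note for /dev/random on a busy server is the condition under which a daemon built against that device would hang in its random-number calls.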


More information about the Pkg-cyrus-sasl2-debian-devel mailing list