Re: Random strings
От | Joe Conway |
---|---|
Тема | Re: Random strings |
Дата | |
Msg-id | 010901c120f6$9615cfa0$48d210ac@jecw2k1 обсуждение исходный текст |
Ответ на | Re: Random strings (Peter Eisentraut <peter_e@gmx.net>) |
Список | pgsql-patches |
> > seconds). The same test with /dev/urandom returns instantly. Perhaps there > > should be an option to use either. For instances where only a few truly > > random bytes is needed (i.e. one session key), use /dev/random. When you > > need many random bytes quickly, use /dev/urandom? > > Not sure if this is intuitive. How many bytes is "a few"? Maybe just be > honest about it and name them randomstr and urandomstr or such. > In the patch that I sent last night, I explicitly limited /dev/random to 64 bytes. I agree that this is not very intuitive, but for specific purposes, such as generating a session key for tripledes (24 byte/192 bit random string yielding 168 bits for a the key) periodically, it is quite useful. There's a tradeoff here between cryptographic strength (favoring /dev/random) and application performance (favoring /dev/urandom) that will vary significantly from application to application. It's nice to have the option depending on your needs. Having said that, I'm not married to the idea that we should provide access to both /dev/random and /dev/urandom. I'd be happy to roll another patch, limited to just urandom, and renaming the function if you feel strongly about it. (should we move this discussion back to hackers to get a wider audience?) -- Joe
В списке pgsql-patches по дате отправления: