On Sun, 26 May 2002, Ben Laurie wrote:
What about a --with-devrandom=<path> option for people who do want to go the /dev/urandom route?
I'm starting to prefer this option I think.
Surely it's configurable anyway? Changing the default strikes me as something that will bite you if you aren't careful!
Nope. Currently /dev/random is strictly preferred over /dev/urandom which is strictly preferred over EGD over truerand. I'd think if the user asks for EGD, we should ignore /dev/random even if it exists. And if the user asks for /dev/urandom or /some/other/device, we should prefer that over /dev/random even if it exists. I'm not sure how truerand should fit in, since it's currently just tested for as a last resort and not specifically requested by the user.
Hmmm. Well, IMO it should be configurable at runtime, especially since some other OSes have yet more sources of entropy (/dev/arandom for example).
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff