On Mon, Apr 28, 2008 at 06:48:43PM +0300, Lucian Adrian Grijincu wrote:
> Wouldn't adding a new function be more suitable?
>
> http://apr.apache.org/docs/apr/1.2/group__apr__random.html:
> apr_generate_random_bytes says it will "Generate random bytes". This
> says nothing about the "pseudo-" vs. "true-" randomness of the
> generated array.
>
> apr_generate_random_bytes_ex with an extra "flags" field seems a better way:
> * APR_RANDOM_TRUE - a true random source, return an error if no true
> random source is found on the system.
> * APR_RANDOM_PSEUDO - a pseudo

This is a complicated subject, and I'm not an expert, but...

The Linux /dev/random vs /dev/urandom distinction is not the same as "true random" vs "pseudo-random". Linux /dev/random provides pseudo-random data with a guarantee of high entropy; that's not the same thing as "true" randomness. The closest we can get to "true" randomness is the use of a hardware RNG, which draws from some physical source of entropy like thermal noise. Such RNGs are exposed directly on some platforms, but hardware is not that common.

Currently apr_generate_random_bytes() provides no API guarantee on the "strength" (level of entropy) of the random data returned; nor any guarantee on whether it blocks. Given the lack of such a guarantee, nobody would presume the data is suitable for cryptographic use, e.g. private keys. So I think it's right to make it fast at the expense of strength, and it should prefer /dev/urandom over /dev/random. (In Fedora we've been building APR to use /dev/urandom forever, FWIW)

I proposed a new API something like Lucian describes above, way back when:

http://markmail.org/message/f7on762ulztbmocr

In retrospect, I don't think it's a good idea for APR to venture further into this domain without a thorough review of what different randomness sources are available on different OSes, what are the common denominators, etc. The previous effort at providing something more general here is completely unused (apr/random) and been a waste of space AFAICT.

joe
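
The following sketch is an added example, not part of the original message and not APR code. It shows how a caller-selectable source along the lines discussed in this thread could look on Linux: the caller chooses between the non-blocking and the potentially blocking device, and gets an error back if the device is missing. The names `rnd_source`, `RND_FAST`, `RND_BLOCKING` and `rnd_fill` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical selector, not an APR type. */
enum rnd_source {
    RND_FAST,     /* /dev/urandom: reads do not block */
    RND_BLOCKING  /* /dev/random: reads may block waiting for entropy */
};

/* Fill buf with len bytes from the chosen device.
 * Returns 0 on success or an errno value on failure, for example
 * ENOENT when the requested device does not exist on this system. */
int rnd_fill(enum rnd_source src, unsigned char *buf, size_t len)
{
    const char *path = (src == RND_BLOCKING) ? "/dev/random" : "/dev/urandom";
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;

    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;          /* short read: keep going */
        } else if (n == 0 || errno != EINTR) {
            int err = (n == 0) ? EIO : errno;  /* EOF or hard error */
            close(fd);
            return err;
        }                              /* EINTR: retry the read */
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char sample[16];
    int rc = rnd_fill(RND_FAST, sample, sizeof sample);
    if (rc != 0) {
        fprintf(stderr, "rnd_fill failed: errno %d\n", rc);
        return 1;
    }
    for (size_t i = 0; i < sizeof sample; i++)
        printf("%02x", sample[i]);
    putchar('\n');
    return 0;
}
```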
