William A. Rowe, Jr. wrote:
Steve Comstock wrote:
William A. Rowe, Jr. wrote:
[snip]
Guessing there was no source of entropy. C.f. apr ./configure;
  --with-egd[=DIR]        use EGD-compatible socket
  --with-devrandom[=DEV]  use /dev/random or compatible [searches by default]
I'm glad you suggested that. It gives me the opportunity to
ask a few questions:
* I've heard of entropy in the physics sense; I've seen one
or two references to it in the software context; what
does "entropy" mean in the software context?
randomness that is not predicted, e.g. other than a pseudorandom sequence,
since these can be predicted.
* What creates entropy? What is the significance of your
suggested --with options?
In the pc sense, usually /dev/random or /dev/urandom, there are various
prngd alternatives. These work by deciding to watch sensors in the PC,
e.g. you might take a measurement of the cpu's temperature measured in
.001 degree (to .010), or the arrival timing of packets on the network,
etc. /dev/random does so for all bits of entropy, /dev/urandom does the
best it can with true bits of entropy, and makes up the difference with
pseudorandom data so that it won't block.
You must have one. bin/htpasswd was considered insecure, so it was
modified to grab a few mostly random bytes for seeding. (httpd project's
choice, not ours).
Ahhh! That's the clue that does the trick for me: a source
of seeds for a random number generator, that you need for
creating / processing passwords. Thanks!
z/OS has /dev/urandom, so I guess I'll use that.
* What made you think, from my post, that there was no
source of entropy? What was your clue?
Someone else reported similar a while ago, and this parked itself away
in my brain for a month or two.
You mentioned apr_get_password - I had the same failure a couple of days
ago on HP/UX 11.11 (a new box) and realized that we hadn't installed the
HP/UX /dev/random, /dev/urandom drivers nor chosen a source like prngd.
Seeing as I'm done supporting 11.00, HP's driver made more sense.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
Makes sense to me. Thanks again.
Do I need to specify --with-devrandom=/dev/urandom just
for the apr configure, or do I need to specify it
for apr-util also? Or, can I just do the httpd configure
and depend on that process carrying down? [I'd like to
just run httpd ./configure; doesn't that invoke the apr
and apr-util configure scripts on your behalf?]
Kind regards,
-Steve Comstock
The Trainer's Friend, Inc.
303-393-8716
http://www.trainersfriend.com
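
The thread settles on pointing apr's configure at an entropy device with --with-devrandom. As an added example (not part of the original messages), this shell pre-flight check confirms that a candidate path is a readable character device that actually returns bytes before it is handed to configure; the function names and the 16-byte sample size are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. probe_entropy_dev and devrandom_arg
# are hypothetical helper names; the 16-byte sample size is arbitrary.

# Succeeds only if $1 is a readable character device that yields 16 bytes.
probe_entropy_dev() {
    dev=$1
    [ -c "$dev" ] || return 1    # rejects missing paths, regular files, dirs
    [ -r "$dev" ] || return 1
    # /dev/random may block while its pool is empty, so bound the read when
    # a timeout(1) utility is installed (it is not part of POSIX).
    if command -v timeout >/dev/null 2>&1; then
        n=$(timeout 5 dd if="$dev" bs=1 count=16 2>/dev/null | wc -c)
    else
        n=$(dd if="$dev" bs=1 count=16 2>/dev/null | wc -c)
    fi
    [ "$((n + 0))" -eq 16 ]      # a short or empty read counts as failure
}

# Prints the configure argument for the first usable candidate.
# Returns non-zero if none works, so the caller can stop before building
# a library that has no seed source.
devrandom_arg() {
    for cand in "$@"; do
        if probe_entropy_dev "$cand"; then
            printf '%s\n' "--with-devrandom=$cand"
            return 0
        fi
    done
    return 1
}

# Demo: try the non-blocking device first, then the blocking one.
devrandom_arg /dev/urandom /dev/random ||
    echo "no usable entropy device found" >&2
```

A non-zero return from devrandom_arg means no listed device passed the probe, which is the situation William describes on the new HP/UX box.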