Re: [HACKERS] pgcrypto: implement gen_random_uuid

2014-01-12 Thread Wim Lewis
One comment, this:

  /* get 128 random bits */
  int err = px_get_random_bytes(buf, 16);

might be better to use px_get_pseudo_random_bytes(). UUIDs don't
need to be unguessable or have perfect entropy; they just need to
be collision-resistant. RFC4122 mentions this I think, and if you
look at the ossp-uuid function that this is replacing, it also uses
its internal PRNG for v4 UUIDs rather than strong high-entropy
randomness.

(The downside of requesting strong randomness when you don't need
it is that it can potentially cause the server to block while the
system gathers entropy.)



-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] pgcrypto: implement gen_random_uuid

2014-01-12 Thread Oskari Saarenmaa

13.01.2014 04:35, Wim Lewis wrote:

> One comment, this:
>
>   /* get 128 random bits */
>   int err = px_get_random_bytes(buf, 16);
>
> might be better to use px_get_pseudo_random_bytes(). UUIDs don't
> need to be unguessable or have perfect entropy; they just need to
> be collision-resistant. RFC4122 mentions this I think, and if you
> look at the ossp-uuid function that this is replacing, it also uses
> its internal PRNG for v4 UUIDs rather than strong high-entropy
> randomness.
>
> (The downside of requesting strong randomness when you don't need
> it is that it can potentially cause the server to block while the
> system gathers entropy.)


pgcrypto's px_get_pseudo_random_bytes is just a wrapper for 
px_get_random_bytes which itself calls system_reseed and 
fortuna_get_bytes.  system_reseed function tries to read from 
/dev/urandom, and only uses /dev/random if reading urandom fails, so it 
should never block on systems which have urandom.


That said, it may still make sense to use px_get_pseudo_random_bytes 
instead just in case it ever gets modified to do something lighter than 
px_get_random_bytes.


Thanks for the review,
Oskari
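
An added illustration, not part of the thread and not pgcrypto's code: the sketch below reads 16 bytes from /dev/urandom, falls back to /dev/random only if that fails (the source order described for system_reseed above), and stamps the RFC 4122 version 4 and variant bits. The function names are hypothetical, and the bytes are used directly instead of reseeding Fortuna.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; names are hypothetical, not pgcrypto's.
 * Try each device in order; return the index of the one that supplied
 * all `len` bytes, or -1 if none did. */
static int read_random(const char *const *paths, int npaths,
                       unsigned char *buf, size_t len)
{
    for (int i = 0; i < npaths; i++) {
        FILE *f = fopen(paths[i], "rb");
        if (f == NULL) continue;      /* source missing: try the next one */
        setvbuf(f, NULL, _IONBF, 0);  /* unbuffered: take only `len` bytes */
        size_t got = fread(buf, 1, len, f);
        fclose(f);
        if (got == len) return i;
    }
    return -1;
}

/* Stamp the RFC 4122 version (4) and variant (binary 10) bits. */
static void uuid_v4_stamp(unsigned char u[16])
{
    u[6] = (unsigned char)((u[6] & 0x0f) | 0x40);
    u[8] = (unsigned char)((u[8] & 0x3f) | 0x80);
}

/* Format as 8-4-4-4-12 lowercase hex; `out` must hold 37 bytes. */
static void uuid_format(const unsigned char u[16], char out[37])
{
    char *p = out;
    for (int i = 0; i < 16; i++) {
        if (i == 4 || i == 6 || i == 8 || i == 10)
            *p++ = '-';
        p += sprintf(p, "%02x", u[i]);
    }
}

int main(void)
{
    /* Non-blocking source first, blocking source only as a fallback. */
    const char *const sources[] = { "/dev/urandom", "/dev/random" };
    unsigned char u[16];
    char text[37];
    int used = read_random(sources, 2, u, sizeof u);
    if (used < 0) return 1;
    uuid_v4_stamp(u);
    uuid_format(u, text);
    printf("%s (from %s)\n", text, sources[used]);
    return 0;
}
```

Only 122 of the 128 bits remain random after stamping, which is why collision resistance rather than unguessability is the property under discussion.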


