On Tue, Oct 18, 2016 at 12:34 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Michael Paquier <michael.paqu...@gmail.com> writes:
>> And actually, enabling prngd would need to be controlled by a
>> configure switch as well disabled by default, no?
> AFAICT, openssl has no configuration options related to prngd; they
> seem to be able to use it automatically when /dev/[u]random isn't there.
> This surprises me a bit because the location of prngd's random-data socket
> is evidently variable.  I've not dug into exactly how openssl figures that
> out, but I'm sure a little quality time with the openssl sources would
> explain it.

I dug a bit into the code around RAND_egd and how it gets into
fetching a method to get random bytes but got tired of the game for
now. The man page means visibly that OpenSSL connects directly to the

By the way, after a short chat with Heikki, we can up with an extra
idea: resurrect unix_std from pgcrypto in pg_strong_random as the last
fallback method and instead of using sha1, use sha2 as SCRAM is going
to need those functions in src/common/ as well. Having a configure
switch to enable it may be a good idea.

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to