On Thu, 4 Feb 2016, Rainer Gerhards wrote:
what platform doesn't offer _some_ random source? Anything Linux based
will have /dev/random and /dev/urandom. urandom may not be very good
quality randomness (by some measurements on some systems), but the kernel
provides the best that is available.
as I have learnt from someone in the know, urandom is actually very good
quality randomness. Can't quote through whom, though. But I think there are
some academic papers on that topic.
Yes, if there is 'enough' entropy, urandom is just as good as random. If entropy
runs short, urandom still uses as secure a prng as anything available (and
frequently reviewed, updated, etc). The estimate for entropy is very deliberatly
conservative, so the result is very good.
so it would only be non-linux systems that could have a problem, right?
non-linux, yes
what non-linux systems? everything should have /dev/random, right?
b) use the c runtime library randon number generator (which, I think, is
*not* crypto-grade).
you still need something to initialize the random number generator
yup.
I'll craft a patch to error out within the next days if I don't hear any
objections.
does this hit too late in the process to treat this like a syntax error? If you
specify encryption and there is no source of randomness available, treat it as
if the module didn't exist or something along those lines?
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
