On Mar 29, 2007, at 9:56 PM, S. Robert James wrote:
> On Mar 29, 9:49 pm, Brad Ediger <[EMAIL PROTECTED]> wrote:
>> Agreed that "some secret phrase" will not yield 256 or even 128 bits of entropy. But the Rails app generator uses a version of generate_unique_id, which uses just about all of the system-level entropy available to Ruby. Granted, it's an MD5 hash (thus an upper limit of 128 bits of entropy), not a cryptographic PRNG, but it is better than a user-entered phrase by far.
>
> Missed that - which file is this in?

It's buried:
railties/lib/rails_generator/generators/applications/app/app_generator.rb

Here's the relevant code:

    # duplicate CGI::Session#generate_unique_id
    md5 = Digest::MD5.new
    now = Time.now
    md5 << now.to_s
    md5 << String(now.usec)
    md5 << String(rand(0))
    md5 << String($$)
    md5 << @app_name

    # ...

    m.template "environments/environment.rb", "config/environment.rb",
      :assigns => { :freeze => options[:freeze], :app_name => @app_name, :app_secret => md5.hexdigest }

--be
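
An added example, not part of the original message and not Rails code: the derivation quoted above rewritten as a helper that takes its inputs explicitly, beside a CSPRNG-based alternative built on Ruby's standard SecureRandom. The helper names (legacy_secret, csprng_secret, demo) and the sample values are assumptions made for illustration.

```ruby
require 'digest/md5'
require 'securerandom'

# Same steps as the generator code quoted above, but every input is passed in
# (hypothetical helper, not Rails code) so the result can be reproduced.
def legacy_secret(app_name, now:, rand_value:, pid:)
  md5 = Digest::MD5.new
  md5 << now.to_s              # wall-clock time, second resolution
  md5 << String(now.usec)      # microsecond part of the same timestamp
  md5 << String(rand_value)    # stands in for rand(0), Ruby's non-cryptographic PRNG
  md5 << String(pid)           # stands in for $$, the process id
  md5 << app_name
  md5.hexdigest                # 32 hex characters, so never more than 128 bits
end

# Alternative: take the secret straight from the OS CSPRNG.
# SecureRandom.hex(n) returns n random bytes as 2n hex characters.
def csprng_secret(bytes = 64)
  SecureRandom.hex(bytes)
end

# Constructed sample inputs (not taken from any real system).
SAMPLE = { now: Time.at(1_175_220_960, 123_456), rand_value: 0.5, pid: 4242 }.freeze

# Summarises the difference: the legacy value is a pure function of its
# inputs and capped at 128 bits; the CSPRNG value is 512 bits of OS randomness.
def demo
  a = legacy_secret('blog', **SAMPLE)
  b = legacy_secret('blog', **SAMPLE)
  {
    legacy_repeatable: a == b,
    legacy_bits: a.length * 4,
    csprng_bits: csprng_secret.length * 4
  }
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The hash adds no entropy of its own: the legacy secret is only as unpredictable as the timestamp, PRNG output, process id and application name that feed it.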
