Re: [HACKERS] Random number generation, take two

On Tue, Dec 6, 2016 at 10:31 AM, Tom Lane wrote: > I wrote: >> Heikki Linnakangas writes: >>> Tom: I expect pademelon to fail at the configure step, complaining that >>> "no source of strong random numbers was found". Let's wait for one >>> cycle, to verify

Re: [HACKERS] Random number generation, take two

I wrote: > Heikki Linnakangas writes: >> Tom: I expect pademelon to fail at the configure step, complaining that >> "no source of strong random numbers was found". Let's wait for one >> cycle, to verify that it does fail like that. After that, can you add >> the

Re: [HACKERS] Random number generation, take two

Heikki Linnakangas writes: > Tom: I expect pademelon to fail at the configure step, complaining that > "no source of strong random numbers was found". Let's wait for one > cycle, to verify that it does fail like that. After that, can you add > the --disable-strong-random flag

Re: [HACKERS] Random number generation, take two

On Mon, Dec 5, 2016 at 8:45 PM, Heikki Linnakangas wrote: > On 11/30/2016 03:22 PM, Michael Paquier wrote: >> I could live with that. Your patch is not complete though, you need to >> add pg_strong_random.c into the array @pgportfiles in Mkvcbuild.pm. >> You also need to remove

Re: [HACKERS] Random number generation, take two

On 11/30/2016 03:22 PM, Michael Paquier wrote: On Wed, Nov 30, 2016 at 8:51 PM, Heikki Linnakangas wrote: On 11/30/2016 09:01 AM, Michael Paquier wrote: Attached is a patch for MSVC to apply on top of yours to enable the build for strong and weak random functions. Feel free

Re: [HACKERS] Random number generation, take two

On Wed, Nov 30, 2016 at 10:22 PM, Michael Paquier wrote: > On Wed, Nov 30, 2016 at 8:51 PM, Heikki Linnakangas wrote: >> On 11/30/2016 09:01 AM, Michael Paquier wrote: >>> +bool >>> +pg_backend_random(char *dst, int len) >>> +{ >>> + int i;

Re: [HACKERS] Random number generation, take two

On 11/30/2016 09:05 PM, Alvaro Herrera wrote: Heikki Linnakangas wrote: On 11/30/2016 09:01 AM, Michael Paquier wrote: It is important that this value [nonce] be different for each authentication (see [RFC4086] for more details on how to achieve this) So the nonces need to be different for

Re: [HACKERS] Random number generation, take two

Heikki Linnakangas wrote: > On 11/30/2016 09:01 AM, Michael Paquier wrote: > > It is important that this value [nonce] be different for each > > authentication (see [RFC4086] for more details on how to achieve > > this) > > So the nonces need to be different for each session, to avoid replay >

Re: [HACKERS] Random number generation, take two

On Wed, Nov 30, 2016 at 8:51 PM, Heikki Linnakangas wrote: > On 11/30/2016 09:01 AM, Michael Paquier wrote: > I was thinking that with --disable-strong-random, we'd use plain random() in > libpq as well. I believe SCRAM is analogous to the MD5 salt generation in > the backend, in

Re: [HACKERS] Random number generation, take two

On 11/30/2016 09:01 AM, Michael Paquier wrote: On Tue, Nov 29, 2016 at 10:02 PM, Heikki Linnakangas wrote: Phew, this has been way more complicated than it seemed at first. Thoughts? One of the goals of this patch is to be able to have a strong random function as well for

Re: [HACKERS] Random number generation, take two

On Tue, Nov 29, 2016 at 10:02 PM, Heikki Linnakangas wrote: > Ok, here's my second attempt at refactoring random number generation. > Previous attempt crashed and burned, see > https://www.postgresql.org/message-id/e1bw3g3-0003st...@gemulon.postgresql.org. > This addresses the