Re: pgcrypto seeding problem when ssl=on
| От | Marko Kreen |
|---|---|
| Тема | Re: pgcrypto seeding problem when ssl=on |
| Дата | |
| Msg-id | CACMqXCK=+UrWBZ4uJ8gymnaggGzRvwxww3anAZw2OLYPJ1SK8Q@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: pgcrypto seeding problem when ssl=on (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: pgcrypto seeding problem when ssl=on
|
| Список | pgsql-hackers |
On Mon, Jan 14, 2013 at 12:46 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Marko Kreen <markokr@gmail.com> writes: >> On Fri, Dec 21, 2012 at 10:27 PM, Noah Misch <noah@leadboat.com> wrote: >>> How about instead calling RAND_cleanup() after each backend fork? > >> Attached is a patch that adds RAND_cleanup() to fork_process(). > > I remain unconvinced that this is the best solution. Anybody else have > an opinion? Do you have knowledge about systems that have /dev/random (blocking) but not /dev/urandom (non-blocking)? The only argument I see against RAND_cleanup() is that postgres might eat entropy from /dev/random (blocking) and cause both other programs and itself block, waiting for more entropy. But this can only happen on systems that don't have /dev/urandom. Note: reading from /dev/urandom does not affect /dev/random. -- marko
В списке pgsql-hackers по дате отправления: