Re: ra_svn requires APR_HAVE_RANDOM

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-11-18 19:51:44 CET

On Tue, 2003-11-18 at 10:21, Philip Martin wrote:
> c) use some other random generator.
> Option c) might not be possible, if there were an easy way to do it
> then I suppose APR would probably do it already (I'm assuming that
> we need reasonably high quality "randomness" here).

Nah, it doesn't need to be that high-quality. The CRAM-MD5 nonces
should be different each time to prevent replay attacks, but nothing
goes wrong if an attacker can guess the nonce.

I'll look into adding code to do something intelligent when
APR_HAS_RANDOM isn't defined.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Nov 18 19:57:23 2003

This message: [ Message body ]
Next message: David Kimdon: "[PATCH] : issue #1584 : Prevent revision props on files/dirs"
Previous message: Michael Legart: "Re: ra_svn requires APR_HAVE_RANDOM"
In reply to: Philip Martin: "ra_svn requires APR_HAVE_RANDOM"
Next in thread: Greg Hudson: "Re: ra_svn requires APR_HAVE_RANDOM"
Reply: Greg Hudson: "Re: ra_svn requires APR_HAVE_RANDOM"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]