Justin Erenkrantz wrote:
> On Nov 2, 2007 1:10 AM, Karl Fogel <kfogel@red-bean.com> wrote:
>> By that time I had forgotten about the random-vs-urandom thing,
>> though, so I just assumed my tests were taking longer because we had
>> more tests, or something. Now that I'm specifying /dev/urandom
>> explicitly, things are fast for me again.
>
> I'm much much more curious *why* this affects anything. What is the
> testsuite/Subversion doing that requires crypto-grade random numbers
> at all? Does whatever it is really need crypto-secure random, or is it
> safe to make it insecure? FWIW, APR 1.2+ has an internal PRNG as well
> - we can explicitly ask for insecure random bytes from it. The only
> direct call I can find is part of ra_svn's CRAM implementation - but
> that shouldn't manifest itself via the other ra layers...so what's the
> culprit here? -- justin

Honestly, I've wondered the same. My recollection is that APR doesn't allow
one to say "it's okay to use weak encryption" when generating UUIDs, and I
*think* that UUID generation is the only place we'd be consuming entropy.
We use UUIDs for repository creation (dump/load), for generating
commit activity names (DAV), for lock token creation, for .subversion/auth
obfuscation ... other places?
--
C. Michael Pilato <cmpilato@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on Fri Nov 2 16:02:54 2007