"Justin Erenkrantz" <justin@erenkrantz.com> writes:
> I'm much much more curious *why* this affects anything. What is the
> testsuite/Subversion doing that requires crypto-grade random numbers
> at all? Is whatever it is really need crypto-secure random, or is it
> safe to make it insecure? FWIW, APR 1.2+ has an internal PRNG as well
> - we can explicitly ask for insecure random bytes from it. The only
> direct call I can find is part of ra_svn's CRAM implementation - but
> that shouldn't manifest itself via the other ra layers...so what's the
> culprit here? -- justin
I suspect it's mainly the generation of repository UUIDS -- the test
suite creates a lot of repositories.
Supposing we switch our production code to use the pseudo-random
number generator, I have no idea what the chances are of two
repositories in the wild getting the same UUID as a result. It seems
likely that crypto-grade randomness lowers that chance, but lowers it
from what already infinitesimal specklet? I don't know.
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Nov 3 00:35:47 2007