On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote: > On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote: > > > I can't believe he actually intends to keep it like this.. > > > > I'm going to #define DEV_RANDOM /dev/random for Linux systems. > > That's bad, because that will drain the entropy a lot, and it might > block for a long time, and that for no good reason as I don't think the > magic cookie needs strong cryptographical security (for comparison: The > secret key of a public key cryptography key pair should be created using > /dev/random, while for session keys /dev/urandom is good enough).
/dev/random? /dev/urandom? You are kidding. This randmomness is used to create authorisation cookies for X which in my understanding provide ZERO security. Use plain libc rand() and the security is exactly the same. Richard
