On Wed, Jul 04, 2012, Doug Barton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 07/04/2012 13:32, Andrey Chernov wrote: > > 1) /dev/urandom may not exist in jails/sandboxes > > That would be a pretty serious configuration error.
Yes -- but the scary part is that arc4random() is not fail-safe at all. If /dev/random isn't there, you just silently get predictable "randomness". If you needed that randomness for cryptographic purposes you're out of luck; you might as well have used rot13. Using the sysctl doesn't fix the failure mode (in fact, as I recall the sysctl dubiously never reports failure even if there is no entropy), but there's a narrower set of circumstances under which the sysctl can fail. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
