Bojan, et. al.: The answer to these arguments are: use /dev/urandom, not /dev/random. It's going to do as good or better than anything you're going to seed with /dev/random, and IT WILL NOT BLOCK. I may be wrong (I'm just starting to poke around in related code) but it doesn't look like the time and the session counter values you're appending to create the SessionID have any subsequent meaning. If you're looking for more entropy, I'd ditch the time and use another long's worth of /dev/urandom. With respect to leaving the device open, this seems a lot better than opening and closing it every time you need to cough up a SessionID. I can't see how this could have any possible downside except for using up a file descriptor. Cheers, Doug
- cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modul... costin
- Re: cvs commit: jakarta-tomcat/src/share/org/apache/tom... Bojan Smojver
- Re: cvs commit: jakarta-tomcat/src/share/org/apach... cmanolache
- Re: cvs commit: jakarta-tomcat/src/share/org/a... Bojan Smojver
- Re: cvs commit: jakarta-tomcat/src/share/org/apach... estutes
- Re: cvs commit: jakarta-tomcat/src/share/org/a... Bojan Smojver
- Re: cvs commit: jakarta-tomcat/src/share/... estutes
- Re: cvs commit: jakarta-tomcat/src/s... Bojan Smojver
- Re: cvs commit: jakarta-tomcat/src/share/org/apache/tom... Doug Barnes
- Re: cvs commit: jakarta-tomcat/src/share/org/apache... Bojan Smojver
- RE: cvs commit: jakarta-tomcat/src/share/org/a... Doug Barnes
- Re: cvs commit: jakarta-tomcat/src/share/o... Bojan Smojver
- cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/... costin
- cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/... costin
- cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/... costin
- cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/... costin
