> > generating session keys and other things. It's good to have a
> > choice. Right now I have a lot of pl/pgsql which calls plain old
> > RANDOM() to generate session keys, and that is not good. Before I
> > launch this thing, I will need to find a way of getting better random
> > numbers. If anyone has created a function like that for PG, please
> > mail me, because I need it.
>
> As I said earlier, I just recently created a function for something else
I'm
> working on which returns a binary string from /dev/urandom of whatever
> length you request. I'm using it for initialization vectors (IVs) for 3des
> cbc and for session keys. It should be relatively easy to turn into a
pgsql
> contrib function, so I'll post something to patches within the next couple
> of days. It would not be intended to replace the standard RANDOM()
function,
> just compliment it. Biggest question in my mind is the return type --
should
> it return pure binary as a bytea type, or hex as a text type? Any thoughts
> on this?
>
Per the discussion yesterday, here's a patch. There are two versions of
essentially the same function. They both take an int as the number of
requested random bytes, and generate a random binary string of the requested
length from /dev/urandom. The first one (randomstr_hex) converts the binary
to hex and returns it as text, and the other (randomstr_bytea) does the
needed escaping of special characters and returns bytea.
Let me know if you have any other thoughts on how this can be improved. I
didn't bother to create a function to return a random 0 - 1 interval float
(ala random()) because in most cases where cryptographic quality random
values are needed, the provided forms are the most useful ones (I think).
-- Joe
