> > Isn't /dev/random best used for seeding the random number generator,
> > rather than for getting random number?
>
> It is best used for any situation when quality random numbers are
> needed. This includes seeding, and in some cases it may also include
> generating session keys and other things. It's good to have a
> choice. Right now I have a lot of pl/pgsql which calls plain old
> RANDOM() to generate session keys, and that is not good. Before I
> launch this thing, I will need to find a way of getting better random
> numbers. If anyone has created a function like that for PG, please
> mail me, because I need it.
As I said earlier, I just recently created a function for something else I'm
working on which returns a binary string from /dev/urandom of whatever
length you request. I'm using it for initialization vectors (IVs) for 3des
cbc and for session keys. It should be relatively easy to turn into a pgsql
contrib function, so I'll post something to patches within the next couple
of days. It would not be intended to replace the standard RANDOM() function,
just compliment it. Biggest question in my mind is the return type -- should
it return pure binary as a bytea type, or hex as a text type? Any thoughts
on this?
I agree with other comments regarding /dev/random. During testing I found
that it can block for significant periods of time, especially when used
repetitively.
-- Joe