Re: SSL (patch 5) - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: SSL (patch 5)
Date
Msg-id 200206160012.g5G0CaF25890@candle.pha.pa.us
Whole thread Raw
In response to SSL (patch 5)  (Bear Giles <bgiles@coyotesong.com>)
List pgsql-patches
Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.

Bear, this patch was rejected because we hope SSL will handle it itself
soon, right?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

pgsql-patches by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: libpq++ fixes
Next
From: Bruce Momjian
Date:
Subject: Re: 2nd revision of SSL patches