On Fri, Jul 08, 2005 at 02:10:47PM -0500, Bruno Wolff III wrote:
> On Fri, Jul 08, 2005 at 20:54:40 +0300,
> Marko Kreen <marko@l-t.ee> wrote:
> >
> > The idea is to initially seed Fortuna with randomness from
> > system and later feed SHA1 of user data into it too. Just
> > to keep it from degenerating into pure PRNG.
>
> How is fortuna getting entropy?
- From /dev/urandom or /dev/random on Linux, *BSD, Darwin and
Solaris.
- On Windows it uses the CryptGenRandom function from Microsoft
CryptoAPI and additionally a high-resolution timer
output. (I must admit I haven't even compile-tested them,
I hope that the win32 guys will look into it.)
- On other OSes, or in case reading /dev/random fails,
the regular silly random functions: getpid, gettimeofday, etc.
The system randomness is acquired on first call, and then after
every 3h or so. In addition, SHA1 of user data is fed into
it just to keep things moving.
Actually, this is the preferred usage for /dev/random - to seed
a strong PRNG, then use that. Unless you are generating
secret keys, that is. But we aren't. Basically, the hardware
entropy the kernel has acquired is precious, and the user should
not waste it.
This leaves OSes that don't have /dev/random and aren't Windows
out cold, but I really can't do anything for them. With the
mixing of user data, the random output should not immediately
fail for them either.
Of course, if anyone knows any system-specific entropy gathering
tricks, please tell.
> Wouldn't this be better placed in the OS as the source of /dev/urandom rather
> than as part of Postgres?
Well, those OSes that already have urandom/random don't need
it. And those that don't - I really don't feel responsibility
to write one...
--
marko
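The seeding policy Marko describes (OS entropy on first call and after about three hours, SHA1 of user data folded in between), as an added example that is not pgcrypto's code and not real Fortuna: the class name, the injectable entropy source and clock, and the SHA-256 counter-mode output in place of Fortuna's AES generator are all simplifications chosen here for illustration.

```python
import hashlib
import os
import time

RESEED_INTERVAL = 3 * 3600  # reseed from the OS roughly every 3 hours, as in the message


class SeededGenerator:
    """Simplified model (not pgcrypto's Fortuna) of the policy in the message:
    seed from the OS on first call, reseed after ~3h, and fold SHA1 of
    user-supplied data into the pool between OS reseeds."""

    def __init__(self, os_entropy=os.urandom, clock=time.time):
        # os.urandom reads /dev/urandom on Unix; both hooks are injectable so the
        # reseed schedule can be exercised without waiting three hours.
        self._os_entropy = os_entropy
        self._clock = clock
        self._pool = hashlib.sha256()   # running hash of everything mixed in so far
        self._counter = 0
        self._last_seed = None
        self._key = None
        self.reseeds = 0                # how many times kernel entropy was pulled

    def _reseed(self):
        # Take 32 bytes of the "precious" kernel entropy and fold them into the pool.
        self._pool.update(self._os_entropy(32))
        self._last_seed = self._clock()
        self.reseeds += 1
        self._rekey()

    def _rekey(self):
        # Derive a fresh output key from the current pool state.
        self._key = self._pool.copy().digest()

    def add_user_data(self, data: bytes) -> None:
        # SHA1 of user data keeps the pool moving between OS reseeds.
        self._pool.update(hashlib.sha1(data).digest())
        self._rekey()

    def random_bytes(self, n: int) -> bytes:
        now = self._clock()
        if self._last_seed is None or now - self._last_seed >= RESEED_INTERVAL:
            self._reseed()
        out = bytearray()
        while len(out) < n:
            # Counter-mode output from the key; SHA-256 stands in for Fortuna's AES.
            out += hashlib.sha256(self._key + self._counter.to_bytes(8, "big")).digest()
            self._counter += 1
        return bytes(out[:n])
```

With the default hooks the generator draws from os.urandom and the wall clock; the constructed entropy source and clock used below exist only to make the schedule observable.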