13.01.2014 04:35, Wim Lewis kirjoitti:
> One comment, this:
>
>> /* get 128 random bits */
>> int err = px_get_random_bytes(buf, 16);
>
> might be better to use px_get_pseudo_random_bytes(). UUIDs don't
> need to be unguessable or have perfect entropy; they just need to
> be collision-resistant. RFC4122 mentions this I think, and if you
> look at the ossp-uuid function that this is replacing, it also uses
> its internal PRNG for v4 UUIDs rather than strong high-entropy
> randomness.
>
> (The downside of requesting strong randomness when you don't need
> it is that it can potentially cause the server to block while the
> system gathers entropy.)
pgcrypto's px_get_pseudo_random_bytes is just a wrapper for
px_get_random_bytes which itself calls system_reseed and
fortuna_get_bytes. system_reseed function tries to read from
/dev/urandom, and only uses /dev/random if reading urandom fails, so it
should never block on systems which have urandom.
That said, it may still make sense to use px_get_pseudo_random_bytes
instead just in case it ever gets modified to do something lighter than
px_get_random_bytes.
Thanks for the review,
Oskari
