Author phr
Date 2001-10-11.18:44:26
Content

1) I think it's dangerous to run a prngd on an IP socket
instead of a Unix domain socket.  It creates the possibility
of (either accidentally or by ignorance) running OpenSSL
on a separate host from the prngd, making the random numbers
vulnerable to network sniffing.  That's bad--the numbers
are cryptographic secrets and should not be exposed.

2) It's simple to set up a local SSL server with the
command line openssl s_server option.  

3) I'm not crazy about the whole prngd concept.  I haven't
looked at the CHILL interface yet, but if it's possible
to abandon prngd and get random numbers through CHILL,
that might be best.  On Linux, /dev/urandom should be used.
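
The concern in point 1, as an added example that is not part of the original message or of any project's code: a Python check that accepts a prngd/EGD endpoint only when it is a local Unix domain socket. The function name, the ownership policy and the sample endpoints are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile

def check_prngd_endpoint(path):
    """Return (ok, reason) for a candidate prngd/EGD endpoint."""
    # A "host:port" style endpoint is never acceptable: the seed would cross
    # a network stack. Only absolute filesystem paths are considered.
    if not os.path.isabs(path):
        return False, "not an absolute filesystem path"
    try:
        st = os.lstat(path)  # lstat: a symlink must not be followed
    except OSError as exc:
        return False, "cannot stat: %s" % exc.strerror
    if not stat.S_ISSOCK(st.st_mode):
        return False, "not a Unix domain socket"
    # Assumed policy: the daemon runs as root or as the consuming user.
    if st.st_uid not in (0, os.getuid()):
        return False, "socket owned by unexpected uid %d" % st.st_uid
    # Anyone who can write the directory can swap the socket for their own,
    # unless the sticky bit restricts renames and deletes.
    parent = os.stat(os.path.dirname(path))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        return False, "parent directory is world-writable without sticky bit"
    return True, "ok"

def demo():
    """Exercise the check on constructed endpoints in a private temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "egd-pool")    # constructed name
        file_path = os.path.join(tmp, "plain-file")  # constructed name
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
        open(file_path, "w").close()
        # "127.0.0.1:708" is a constructed TCP-style endpoint.
        for ep in (sock_path, file_path, "127.0.0.1:708",
                   os.path.join(tmp, "missing")):
            results[os.path.basename(ep)] = check_prngd_endpoint(ep)
        srv.close()
    return results

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print("%-15s %-5s %s" % (name, ok, reason))
```
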
History
Date User Action Args
2007-08-23 13:55:47  admin  link    issue451607 messages
2007-08-23 13:55:47  admin  create