| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Marco Colombo <pgsql(at)esiway(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Arnau Rebassa <arebassa(at)hotmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Random not so random |
| Date: | 2004-10-04 17:25:21 |
| Message-ID: | 20041004172521.GA9716@wolff.to |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Oct 04, 2004 at 18:58:41 +0200,
Marco Colombo <pgsql(at)esiway(dot)net> wrote:
>
> Actually, that should be done each time the random() function
> is evaluated. (I have no familiarity with the code, so please
That may be overkill, since I don't think that random has been advertised
as a secure or even particularly strong random number generator.
> bear with me if the suggestion is unsound). I'd even add a parameter
> for "really" random data to be provided, by reading /dev/random
> instead of /dev/urandom (but read(2) may block).
You don't want to use /dev/random. You aren't going to get better random
numbers that way and blocking reads is a big problem.
> How about the following:
> random() = random(0) = traditional random()
> random(1) = best effort random() via /dev/urandom
> random(2) = wait for really random bits via /dev/random
It might be nice to have a secure random function available in postgres.
Just using /dev/urandom is probably good enough to provide this service.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gaetano Mendola | 2004-10-04 17:29:58 | Re: VACUUM FULL on 24/7 server |
| Previous Message | Janning Vygen | 2004-10-04 17:13:24 | Re: i'm really desperate: invalid memory alloc request |