From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | David Steele <david(at)pgmasters(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, David Fetter <david(at)fetter(dot)org>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Valery Popov <v(dot)popov(at)postgrespro(dot)ru> |
Subject: | Re: Password identifiers, protocol aging and SCRAM protocol |
Date: | 2016-10-17 14:41:09 |
Message-ID: | 2eae485f-febd-72df-089a-ca95fc9fc89f@iki.fi |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 10/17/2016 12:27 PM, Heikki Linnakangas wrote:
> On 10/17/2016 12:18 PM, Michael Paquier wrote:
>> You removed the part of pgcrypto in charge of randomness, nice move. I
>> was wondering about how to do with the perfc and the unix_std at some
>> point, and ripping them off as you did is fine for me.
>
> Yeah. I didn't understand the need for the perfc stuff. Are there
> Windows systems that don't have the Crypto APIs? I doubt it, but the
> buildfarm will tell us in a moment if there are.
>
> And if we don't have a good source of randomness like /dev/random, I
> think it's better to fail, than try to collect entropy ourselves (which
> is what unix_std did). If there's a platform where that doesn't work,
> someone will hopefully send us a patch, rather than silently fall back
> to an iffy implementation.
Looks like Tom's old HP-UX box, pademelon, is not happy about this. Does
(that version of) HP-UX not have /dev/urandom?
I think we're going to need a bit more logging if no randomness source
is available. What we have now is just "could not generate random query
cancel key", which isn't very informative. Perhaps we should also call
pg_strong_random() once at postmaster startup, to check that it works,
instead of starting up but not accepting any connections.
- Heikki
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2016-10-17 14:50:23 | Re: [COMMITTERS] pgsql: Replace PostmasterRandom() with a stronger way of generating ran |
Previous Message | Heikki Linnakangas | 2016-10-17 14:31:12 | Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older |