From: | Oskari Saarenmaa <os(at)ohmu(dot)fi> |
---|---|
To: | Wim Lewis <wiml(at)omnigroup(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: pgcrypto: implement gen_random_uuid |
Date: | 2014-01-13 07:24:38 |
Message-ID: | 52D394B6.9010204@ohmu.fi |
Lists: | pgsql-hackers |
13.01.2014 04:35, Wim Lewis wrote:
> One comment, this:
>
>> /* get 128 random bits */
>> int err = px_get_random_bytes(buf, 16);
>
> might be better to use px_get_pseudo_random_bytes(). UUIDs don't
> need to be unguessable or have perfect entropy; they just need to
> be collision-resistant. RFC4122 mentions this I think, and if you
> look at the ossp-uuid function that this is replacing, it also uses
> its internal PRNG for v4 UUIDs rather than strong high-entropy
> randomness.
>
> (The downside of requesting strong randomness when you don't need
> it is that it can potentially cause the server to block while the
> system gathers entropy.)

pgcrypto's px_get_pseudo_random_bytes is just a wrapper for
px_get_random_bytes which itself calls system_reseed and
fortuna_get_bytes. The system_reseed function tries to read from
/dev/urandom, and only uses /dev/random if reading urandom fails, so it
should never block on systems which have urandom.

That said, it may still make sense to use px_get_pseudo_random_bytes
instead just in case it ever gets modified to do something lighter than
px_get_random_bytes.

Thanks for the review,
Oskari
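
The device ordering discussed in this message, combined with the "128 random bits" step from the quoted code, as an added example that is not part of the original e-mail and is not pgcrypto code. All function names are hypothetical, and it reads the device directly instead of going through a Fortuna generator.

```c
/* Added example; not pgcrypto code. All function names are hypothetical. */
#include <stdio.h>
#include <stdint.h>

/* Fill buf from one device; returns 0 on success, -1 on any failure. */
static int read_device(const char *path, uint8_t *buf, size_t len)
{
    FILE *f = fopen(path, "rb");
    size_t got = f ? fread(buf, 1, len, f) : 0;
    if (f) fclose(f);
    return got == len ? 0 : -1;
}

/* Prefer the non-blocking device; use /dev/random only if that fails. */
int get_random_bytes(uint8_t *buf, size_t len)
{
    if (read_device("/dev/urandom", buf, len) == 0)
        return 0;
    return read_device("/dev/random", buf, len);
}

/* Stamp the RFC 4122 version 4 and variant bits, then format as text. */
void uuid_v4_format(uint8_t b[16], char out[37])
{
    b[6] = (uint8_t)((b[6] & 0x0f) | 0x40);   /* version nibble = 4 */
    b[8] = (uint8_t)((b[8] & 0x3f) | 0x80);   /* variant bits = 10xx */
    snprintf(out, 37,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
             "%02x%02x%02x%02x%02x%02x",
             b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
             b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
}

/* Returns 0 and a 36-character UUID in out, or -1 if no device worked. */
int uuid_v4_random(char out[37])
{
    uint8_t buf[16];   /* 128 random bits; 6 are overwritten below */
    if (get_random_bytes(buf, sizeof buf) != 0)
        return -1;
    uuid_v4_format(buf, out);
    return 0;
}

int main(void)
{
    char s[37];
    if (uuid_v4_random(s) != 0) return 1;
    puts(s);
    return 0;
}
```
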