foobar wrote:

See the word *theoretically*, didn't urandom gather some data from
network interfaces too, so it may be affected. Nobody knows when it takes
data from device nr X.


My point was simply before you decide to link random to urandom for the sake of Cyrus, you should consider the impact that will have on other applications that need random numbers. If others have access to your machine and you are generating private keys, they could exhaust all the entropy from /dev/random, read enough of /dev/urandom to determine the position in the sequence, and then know what random numbers your key generation code used. Granted, it is far-fetched and a lot of work, but when you are building a key that will be used for years and could compromise other keys if revealed, it pays to be safe.

/dev/urandom appeared in Solaris since version 8 (patch). random's
device number is 8 while urandom's is 9. What about if there is a
config option for this device?


When you build SASL, just define -DDEV_RANDOM=/dev/urandom.

--
John A. Tamplin                               Unix System Administrator
Emory University, School of Public Health     +1 404/727-9931



