Adar Dembo has posted comments on this change. Change subject: KUDU-1843. Client UUIDs should be cryptographically random ......................................................................
Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/6347/1/src/kudu/security/crypto.cc File src/kudu/security/crypto.cc: PS1, Line 258: std:: Nit: don't need Line 264: OPENSSL_RET_NOT_OK(RAND_bytes(buf.data(), bytes), "failed to generate random bytes"); I'm looking at https://wiki.openssl.org/index.php/Random_Numbers#Initialization. It looks like entropy is read from /dev/urandom rather than /dev/random; if you want to use the latter you have to call RAND_load_file() on it. Is that what we want? Is it secure to initialize openssl's PRNG using /dev/urandom, which is itself a PRNG? -- To view, visit http://gerrit.cloudera.org:8080/6347 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I0ea6868773cf046944f70c32c647184e4b48c772 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: David Ribeiro Alves <dral...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-HasComments: Yes
