Todd Lipcon has posted comments on this change. Change subject: KUDU-1843. Client UUIDs should be cryptographically random ......................................................................
Patch Set 1: (3 comments) http://gerrit.cloudera.org:8080/#/c/6347/1/src/kudu/security/crypto-test.cc File src/kudu/security/crypto-test.cc: PS1, Line 257: for (int i = 0; i < 5; i++) { > nit: would running this for 100 iters or something increase meaningfully ch nah, I don't think so. With 128-bit strings as we're using here, we'd need 10^16 iterations to reach a one-in-a-million chance of collision :) (https://en.wikipedia.org/wiki/Birthday_problem) http://gerrit.cloudera.org:8080/#/c/6347/1/src/kudu/security/crypto.cc File src/kudu/security/crypto.cc: PS1, Line 258: std:: > Nit: don't need Done Line 264: OPENSSL_RET_NOT_OK(RAND_bytes(buf.data(), bytes), "failed to generate random bytes"); > I'm looking at https://wiki.openssl.org/index.php/Random_Numbers#Initializa https://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key says that urandom is suitably random for this type of application. That's also the advice I've read in other recent sources -- To view, visit http://gerrit.cloudera.org:8080/6347 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I0ea6868773cf046944f70c32c647184e4b48c772 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: David Ribeiro Alves <dral...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes