From: Koichi Sasada Date: 2011-06-11T17:02:08+09:00 Subject: [ruby-core:37016] [Ruby 1.9 - Bug #4579][Assigned] SecureRandom + OpenSSL may repeat with fork Issue #4579 has been updated by Koichi Sasada. Status changed from Open to Assigned Assignee set to Hiroshi NAKAMURA ---------------------------------------- Bug #4579: SecureRandom + OpenSSL may repeat with fork http://redmine.ruby-lang.org/issues/4579 Author: Eric Wong Status: Assigned Priority: Normal Assignee: Hiroshi NAKAMURA Category: lib Target version: 1.9.x ruby -v: - =begin This could arguably be a bug in OpenSSL or the openssl extension, but I think it's easier to fix in Ruby right now. The PRNG in OpenSSL uses the PID to seed the PRNG. Since PIDs get recycled over time on Unix systems, this means independent processes over a long time span will repeat random byte sequences. This has security implications, but fortunately very little software forks very frequently. I am not a security expert. I am using OpenSSL 0.9.8g-15+lenny11 (Debian Lenny) Attached is a script that reproduces the issue (takes a while to run). It'll output two identical lines to illustrate the issue. =end -- http://redmine.ruby-lang.org