From: Hiroshi Nakamura Date: 2011-06-23T15:47:44+09:00 Subject: [ruby-core:37309] Re: [Ruby 1.9 - Bug #4579] SecureRandom + OpenSSL may repeat with fork Hi, On Thu, Jun 23, 2011 at 08:15, Akira Tanaka wrote: >> We should avoid using >> /dev/urandom every time on the env w/o OpenSSL in the future. > > I'd like to say "Please install OpenSSL" for such request. Reasonable. Why don't you do so? I mean that removing /dev/urandom fallback from securerandom.rb and letting simply warn "Please install OpenSSL". > Cryptographic algorithms should be implemented/maintained by cryptographic experts but I am not a cryptographic expert. You wrote securerandom.rb. I think it's too late. :-) :-) Joking aside, since there's no cryptography expert around us, delegating PRNG thing to OpenSSL is good I think. Regards, // NaHi