From: akr@...
Date: 2017-01-19T10:02:26+00:00
Subject: [ruby-core:79163] [Ruby trunk Bug#9569] SecureRandom should try	/dev/urandom first

Issue #9569 has been updated by Akira Tanaka.


Bart de Water wrote:
> Akira Tanaka wrote:
> > Please update the man page first, if it is really out-dated.
> 
> This has happened with the Linux 4.09 release according to https://bugzilla.kernel.org/show_bug.cgi?id=71211. The random(4) man page at http://man7.org/linux/man-pages/man4/random.4.html now reads:

Great.

We discussed this issue today.

Our plan is :

1. Rename Random.raw_seed to Random.urandom to make sure that it is usable for non-seed purpose
2. SecureRandom use Random.urandom.


----------------------------------------
Bug #9569: SecureRandom should try /dev/urandom first
https://bugs.ruby-lang.org/issues/9569#change-62581

* Author: Corey Csuhta
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 
* Backport: 
----------------------------------------
Right now, `SecureRandom.random_bytes` tries to detect an OpenSSL to use before it tries to detect `/dev/urandom`. I think it should be the other way around. In both cases, you just need random bytes to unpack, so SecureRandom could skip the middleman (and [second point of failure](http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/)) and just talk to `/dev/urandom` directly if it's available.

Is this a case of just re-ordering the two code chunks so that `/dev/urandom` is tried first?

Relevant lines: https://github.com/ruby/ruby/blob/trunk/lib/securerandom.rb#L59-L90



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>