45170 – Should use /dev/urandom for entroy

Bug 45170 - Should use /dev/urandom for entroy

Summary: Should use /dev/urandom for entroy

Status:	RESOLVED FIXED

Alias:	None

Product:	APR
Classification:	Unclassified
Component:	APR (show other bugs)
Version:	HEAD
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache Portable Runtime bugs mailinglist

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-06-09 11:55 UTC by Craig
Modified:	2008-06-09 13:18 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Craig 2008-06-09 11:55:48 UTC

APR presently uses /dev/random for entropy. Since /dev/random blocks if no entropy is available, and on servers, entropy tends not be generated too quickly, applications that are used often then use APR to get entropy tend to block and hence become useless.

I reported this bug in mod_auth_cas here, and the developer pointed me to the APR, so I created this bug report. Here's the original issue: http://www.ja-sig.org/issues/browse/MAS-16

Comment 1 William A. Rowe Jr. 2008-06-09 13:18:39 UTC

See apr-1.3.0 - this was already addressed.