> Note that the key generation code (in ares_init:randomize_key) has two
> versions, the Windows specific one uses a cryptographically safe
> function provided (but undocumented :) by the operating system
> (described at
> http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx).
> The default implementation is a bit naive and uses the standard 'rand'
> function. Surely a better way to generate random keys exists for other
> platforms.
Would it make sense to check for the existence of /dev/urandom or
/dev/random on non-Windows machines and just read the necessary
bytes from that device? And fall back to rand() in a worst-case
scenario?
Possibly even support EGDs like PRNGd, which create a socket you
can connect to and read bytes from. You'd have to search a few
paths to find one though, typically something like:
/dev/egd-pool
/dev/prngd-pool
/etc/egd-pool
/etc/prngd-pool
/var/run/egd-pool
/var/run/prngd-pool
Have to look at OpenSSL to see the basic search paths they use.
-Brad
Received on 2007-05-30
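As an added example (not code from c-ares or from anyone in this thread), here is one way to implement the device-then-rand() fallback Brad proposes: read the key bytes from the first readable device in a caller-supplied list, and only fall back to libc rand() if no device supplies every byte. The function and constant names (randomize_key_bytes, DEFAULT_RANDOM_DEVICES, read_from_devices) are assumptions for this example; the EGD socket protocol is not covered here.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Candidate devices in preference order (assumed list for this example).
 * /dev/urandom comes first because /dev/random may block on some systems. */
const char *const DEFAULT_RANDOM_DEVICES[] = { "/dev/urandom", "/dev/random", NULL };

/* Try each device in order; return the index of the one that supplied all
 * len bytes, or -1 if none could. A partial read is treated as a failure
 * so a short buffer is never padded with leftover garbage. */
static int read_from_devices(const char *const *paths, unsigned char *buf, size_t len)
{
    for (int i = 0; paths[i] != NULL; i++) {
        int fd = open(paths[i], O_RDONLY);
        if (fd < 0)
            continue;                        /* device absent or unreadable */
        size_t got = 0;
        while (got < len) {
            ssize_t n = read(fd, buf + got, len - got);
            if (n < 0 && errno == EINTR)
                continue;                    /* interrupted: retry the read */
            if (n <= 0)
                break;                       /* error or EOF: give up on it */
            got += (size_t)n;
        }
        close(fd);
        if (got == len)
            return i;
    }
    return -1;
}

/* Worst-case fallback: libc rand(), seeded once from time and pid.
 * This is NOT cryptographically strong; it only keeps keys from being constant. */
static void fallback_rand_bytes(unsigned char *buf, size_t len)
{
    static int seeded = 0;
    if (!seeded) {
        srand((unsigned)time(NULL) ^ (unsigned)getpid());
        seeded = 1;
    }
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
}

/* Fill buf with len key bytes. Returns 1 if a kernel device was used,
 * 0 if the code had to fall back to rand(). */
int randomize_key_bytes(const char *const *paths, unsigned char *buf, size_t len)
{
    if (read_from_devices(paths, buf, len) >= 0)
        return 1;
    fallback_rand_bytes(buf, len);
    return 0;
}

/* Helper for checking results: true if every byte is zero. */
int all_zero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}
```

A caller that wants to know whether it got weak keys can log the 0 return value; c-ares-style code would use the 1-byte result as the transaction-ID key.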