On Mon, Sep 06, 2010 at 11:42:38AM +0200, "Clément Hermann (nodens)" wrote:
> On 06/09/2010 11:26, Ethariel wrote:
> > Hello,
> >
> > auto-answering.
> > During the upgrade process the /dev/* permissions were broken. It
> > includes /dev/urandom which I think (can someone confirm) is used by SSL.
>
> Actually SSL is supposed to use /dev/random which provides better
> randomness (because of better entropy gathered via keyboards and disks,
> or better yet, hardware RNG), less likely to be predictable than
> /dev/urandom.

That's a nice theory. Have you seen how many people have posted to this list about imap freezing and poor throughput that have been caused by using /dev/random and it blocking?

On the flip side, can you provide a single example of a successful attack against IMAP connections secured by /dev/urandom?

Denial of service is a credible threat too, and unless you actually have a hardware randomness generator, the threats of using /dev/random are generally worse than the threats of using /dev/urandom.

Bron ( who doesn't like black and white advice from ivory towers! )

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
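
The two failure modes discussed in this thread (RNG device nodes broken by an upgrade, and /dev/random blocking) can both be checked from a script. This is an added example, not code from the thread or from Cyrus; it assumes a Linux host, where /dev/random is character device 1:8 and /dev/urandom is 1:9, and assumes the daemon runs unprivileged and so needs the nodes to be world-readable. The function names are hypothetical.

```python
import os
import stat

# Linux device numbers for the kernel RNG nodes (assumption: Linux host).
EXPECTED = {"/dev/random": (1, 8), "/dev/urandom": (1, 9)}


def check_node(path, st):
    """Return a list of problems for one RNG node, given its stat result."""
    if not stat.S_ISCHR(st.st_mode):
        # e.g. a regular file left behind by a broken upgrade or restore
        return [f"{path}: not a character device"]
    problems = []
    dev = (os.major(st.st_rdev), os.minor(st.st_rdev))
    if dev != EXPECTED[path]:
        problems.append(f"{path}: device {dev[0]}:{dev[1]}, expected "
                        f"{EXPECTED[path][0]}:{EXPECTED[path][1]}")
    mode = stat.S_IMODE(st.st_mode)
    if not mode & stat.S_IROTH:
        # Assumption: daemons such as imapd run unprivileged and rely on o+r.
        problems.append(f"{path}: mode {mode:04o} is not world-readable")
    return problems


def would_block(path):
    """True if a 1-byte read would block right now (non-blocking probe)."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        os.read(fd, 1)
        return False
    except BlockingIOError:
        return True
    finally:
        os.close(fd)


if __name__ == "__main__":
    for path in EXPECTED:
        try:
            issues = check_node(path, os.stat(path))
        except FileNotFoundError:
            issues = [f"{path}: missing"]
        for line in issues or [f"{path}: ok, would_block={would_block(path)}"]:
            print(line)
```

Run as the same user the mail daemon runs as, so that the read probe reflects what the daemon would see.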