< :前の番号
^ :番号順リスト
> :次の番号
P :前の記事(スレッド移動)
N :次の記事
|<:前のスレッド
>|:次のスレッド
^ :返事先
_:自分への返事
>:同じ返事先を持つ記事(前)
<:同じ返事先を持つ記事(後)
---:分割してスレッド表示、再表示
| :分割して(縦)スレッド表示、再表示
~ :スレッドのフレーム消去
.:インデックス
..:インデックスのインデックス
Issue #4579 has been updated by Motohiro KOSAKI.
Eeek. I dislike to remove OpenSSL dependency from SecureRadom. Because /dev/urandom is less secure than OpenSSL.
----------------------------------------
Bug #4579: SecureRandom + OpenSSL may repeat with fork
http://redmine.ruby-lang.org/issues/4579
Author: Eric Wong
Status: Assigned
Priority: Normal
Assignee: Akira Tanaka
Category: lib
Target version: 1.9.x
ruby -v: -
=begin
This could arguably be a bug in OpenSSL or the openssl extension, but
I think it's easier to fix in Ruby right now.
The PRNG in OpenSSL uses the PID to seed the PRNG. Since PIDs get
recycled over time on Unix systems, this means independent processes
over a long time span will repeat random byte sequences. This has
security implications, but fortunately very little software forks
very frequently. I am not a security expert.
I am using OpenSSL 0.9.8g-15+lenny11 (Debian Lenny)
Attached is a script that reproduces the issue (takes a while to run).
It'll output two identical lines to illustrate the issue.
=end
--
http://redmine.ruby-lang.org