Re: pgcrypto seeding problem when ssl=on
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andres Freund <andres@2ndquadrant.com>
Cc: Marko Kreen <markokr@gmail.com>, Noah Misch <noah@leadboat.com>, Postgres Hackers <pgsql-hackers@postgresql.org>
Date: 2012-12-23T19:54:10Z
Lists: pgsql-hackers
Andres Freund <andres@2ndquadrant.com> writes: > On 2012-12-22 14:20:56 -0500, Tom Lane wrote: >> I believe that we'd be better off doing something in postmaster.c to >> positively ensure that each session has a distinct seed value. > I am entirely unconvinced that adding in a gettimeofday() provides more > entropy than what openssl gathers internally after a > RAND_cleanup(). No, it doesn't provide more entropy, but what it does do is avoid draining entropy from the kernel (see my reply to Marko just now). > gettimeofday() will yield the same result in close > enough forks on a significant number of systems whereas openssl should > use stuff like /dev/urandom to initialize its PRNG after a cleanup. Well, in the first place, that doesn't matter much because the PRNG state will still change from repeated mix-ins of gettimeofday, even if we obtain the same reading successive times. In the second place, if we add it where I suggest, it would be easy to also include the child process PID in the added entropy -- we could xor it into the tv_sec value for instance -- thus further reducing the chance of identical values getting added in. regards, tom lane