Re: Random not so random
Bruno Wolff III <bruno@wolff.to>
From: Bruno Wolff III <bruno@wolff.to>
To: Marco Colombo <pgsql@esiway.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Arnau Rebassa <arebassa@hotmail.com>, pgsql-general@postgresql.org
Date: 2004-10-04T17:25:21Z
Lists: pgsql-general
On Mon, Oct 04, 2004 at 18:58:41 +0200, Marco Colombo <pgsql@esiway.net> wrote: > > Actually, that should be done each time the random() function > is evaluated. (I have no familiarity with the code, so please That may be overkill, since I don't think that random has been advertised as a secure or even particularly strong random number generator. > bear with me if the suggestion is unsound). I'd even add a parameter > for "really" random data to be provided, by reading /dev/random > instead of /dev/urandom (but read(2) may block). You don't want to use /dev/random. You aren't going to get better random numbers that way and blocking reads is a big problem. > How about the following: > random() = random(0) = traditional random() > random(1) = best effort random() via /dev/urandom > random(2) = wait for really random bits via /dev/random It might be nice to have a secure random function available in postgres. Just using /dev/urandom is probably good enough to provide this service.