[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: [RFC] Support for /dev/urandom in kdelibs
From:       Ingo =?utf-8?q?Kl=C3=B6cker?= <kloecker () kde ! org>
Date:       2004-12-27 17:42:09
Message-ID: 200412271842.19572 () erwin ! ingo-kloecker ! de
[Download RAW message or body]


On Sunday 26 December 2004 21:36, Michael Buesch wrote:
> Quoting Albert Astals Cid <astals11@terra.es>:
> > KApplication::random() code seems to use /dev/urandom
>
> Ok, I see. But it's for "int" only.
> and KApplication::randomString() is for QString only.
> My idea was to standardize all random sequence generation in KDE.
> So that we can deprecate KApplication::random(),
> KApplication::randomString() and KRandomSequence and have it all in
> one central and easy to use class.
>
>
> BTW, the code of KApplication::random() looks a little bit strange to
> me. The comments in the following source snippet are mine.
>
> int KApplication::random()
> {
>    static int init = false;
> //        ^^^ Why not bool?
>    if (!init)
>    {
>       unsigned int seed;
>       init = true;
>       int fd = open("/dev/urandom", O_RDONLY);
> // Why only read the seed from /dev/urandom and not directly
> // the random data itself?

Because truly random bytes are extremely expensive and you'd run out of 
random bytes very quickly. You'll notice this when you try to generate 
an OpenPGP key just after starting your computer. Most likely gpg will 
use up all random bytes and ask you to play with the mouse and the 
keyboard so that some more entropy can be gathered.

There could of course be an additional method 
KApplication::trulyRandomButVeryExpensiveSoDontUseUnlessYouHaveVeryGoodReasons().

Regards,
Ingo

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]