Forum: Ruby-core SecureRandom should try /dev/urandom first

De5a73022773d405027eb2fa03b9805f?d=identicon&s=25 unknown (Guest)
on 2014-02-27 00:32
(Received via mailing list)
Issue #9569 has been updated by Corey Csuhta.


Akira, can you address this point?

<blockquote>
SecureRandom in Ruby will use /dev/urandom if OpenSSL is not available,
based on the code snippet I linked in the original post. This is
contrary to your statement that /dev/urandom is not safe for sessions,
or frequent access. As currently implemented, SecureRandom will access
/dev/urandom frequently if OpenSSL is not available.
</blockquote>

----------------------------------------
Feature #9569: SecureRandom should try /dev/urandom first
https://bugs.ruby-lang.org/issues/9569#change-45496

* Author: Corey Csuhta
* Status: Rejected
* Priority: Normal
* Assignee:
* Category: lib
* Target version: current: 2.2.0
This topic is locked and can not be replied to.