Forum: Ruby-core SecureRandom should try /dev/urandom first

De5a73022773d405027eb2fa03b9805f?d=identicon&s=25 unknown (Guest)
on 2014-02-27 00:32
(Received via mailing list)
Issue #9569 has been updated by Corey Csuhta.

Akira, can you address this point?

SecureRandom in Ruby will use /dev/urandom if OpenSSL is not available,
based on the code snippet I linked in the original post. This is
contrary to your statement that /dev/urandom is not safe for sessions,
or frequent access. As currently implemented, SecureRandom will access
/dev/urandom frequently if OpenSSL is not available.

Feature #9569: SecureRandom should try /dev/urandom first

* Author: Corey Csuhta
* Status: Rejected
* Priority: Normal
* Assignee:
* Category: lib
* Target version: current: 2.2.0
This topic is locked and can not be replied to.