[Mono-devel-list] Patch for using egd/prngd for random numbers
spouliot at videotron.ca
Tue Apr 27 19:36:30 EDT 2004
In security environment variables are generally considered an untrusted user
input. However I don't know much about EGD so I can't say if it could be
misused or not. But if this can lead to disclosure of the random data (even
partial) then all generated keys (symmetric or asymmetric) may be
As an alternative the file machine.config already contains many security
mapping required for the class libraries - but this is an XML file.
From: mono-devel-list-admin at lists.ximian.com
[mailto:mono-devel-list-admin at lists.ximian.com]On Behalf Of Bernie
Sent: 27 avril 2004 14:27
To: Miguel de Icaza
Cc: mono-devel-list at lists.ximian.com
Subject: Re: [Mono-devel-list] Patch for using egd/prngd for random
OK (I had that at one stage while I was writing it).
Any thoughts on how to pick up the name of the socket? Is the env var
OK? Or should it go in some config file and if so which?
----- Original Message -----
From: "Miguel de Icaza" <miguel at ximian.com>
To: "Bernie Solomon" <bernard at ugsolutions.com>
Cc: <mono-devel-list at lists.ximian.com>
Sent: Monday, April 26, 2004 6:08 PM
Subject: Re: [Mono-devel-list] Patch for using egd/prngd for random numbers
> > I've been meaning to send this round for a bit. Here is a patch
> > to enable use of egd or prngd for random numbers for machines
> > without /dev/random.
> > It adds an option to configure --with-egd which can be
> > "yes" meaning use the env var MONO_EGD_SOCKET for
> > getting the socket to talk to the daemon, or can be the
> > name of the path to the socket if you want to compile this
> > in as an absolute reference.
> > Any issues?
> I would build the code always, and only activate it if /dev/random is
> missing and we can talk to the server, as opposed to making it
Mono-devel-list mailing list
Mono-devel-list at lists.ximian.com
More information about the Mono-devel-list