[Seaside-dev] Seaside Security
Sven Van Caekenberghe
sven at stfx.eu
Tue Feb 18 22:34:13 UTC 2014
I just read this on HN, about seeding a PRNG:
From the Canyon Edge: Improving Random Seeds in Ubuntu 14.04 LTS Cloud Instances
http://blog.dustinkirkland.com/2014/02/random-seeds-in-ubuntu-1404-lts-cloud.html
Of course there are old and new web services doing this, as web framework Seaside should use them !
ZnClient new get: 'https://entropy.ubuntu.com'.
ZnClient new get: 'http://www.random.org/cgi-bin/randbyte?nbytes=10&format=h'.
Sadly, the first call only works on Linux, not on Mac OS X, due to certificate problems.
On 10 Feb 2014, at 19:52, Sven Van Caekenberghe <sven at stfx.eu> wrote:
> On 10 Feb 2014, at 19:47, Paul DeBruicker <pdebruic at gmail.com> wrote:
>
>> For reading /dev/urandom to use as a seed we'd need FFI or OSProcess,
>> correct?
>
> No:
>
> '/dev/random' asFileReference
> readStreamDo: [ :stream |
> stream binary; next: 10 ]
>
> => #[111 170 202 225 218 206 40 167 94 165]
>
> Just like that, as secure as your OS I guess.
>
> Sven
More information about the seaside-dev
mailing list