[Seaside-dev] Seaside Security
Philippe Marschall
philippe.marschall at gmail.com
Wed Feb 19 08:56:16 UTC 2014
On Tue, Feb 18, 2014 at 11:34 PM, Sven Van Caekenberghe <sven at stfx.eu> wrote:
> I just read this on HN, about seeding a PRNG:
>
> From the Canyon Edge: Improving Random Seeds in Ubuntu 14.04 LTS Cloud Instances
>
> http://blog.dustinkirkland.com/2014/02/random-seeds-in-ubuntu-1404-lts-cloud.html
That article seems to suggest that sometimes it's better to use
/dev/urandom as a seed instead of /dev/random
> Of course there are old and new web services doing this, as web framework Seaside should use them !
I generally don't like frameworks that connect to the Internet. It can
also cause trouble in certain enterprise environments (but then what
doesn't).
> ZnClient new get: 'https://entropy.ubuntu.com'.
Uh oh, this seems to be AGPL.
> ZnClient new get: 'http://www.random.org/cgi-bin/randbyte?nbytes=10&format=h'.
>
> Sadly, the first call only works on Linux, not on Mac OS X, due to certificate problems.
Cheers
Philippe
More information about the seaside-dev
mailing list