Re: Bug#134774: slapd: fails to install

[Stephen Stafford <stephen@clothcat.demon.co.uk>]

On Fri, Feb 22, 2002 at 07:58:56AM -0500, Andrew Pimlott wrote:
> On Thu, Feb 21, 2002 at 07:57:09PM +0100, Nils Rennebarth wrote:
> > BTW: This is the script I use, are there comments available from security
> > experts? Does anybody know a version that uses sh only and does not rely on
> > perl?
> ...
> > if (!open(R,"/dev/random")) {
> 
> I would generally say, don't use /dev/random unless you need _true_
> randomness (and understand why).  Otherwise, you're only draining
> entropy.
> 
> I would just use rand and srand (which uses /dev/urandom) in Perl.
> 

Hmm, correct me if I am wrong, but don't both random and urandom pull bits
from the entropy pool?  The difference being that if /dev/random is being
read then further reads are blocked until there is more entropy, but with
urandom if the entropy pool is empty and more bits are requested a PRNG is
used instead.

This is what I read from random(4) anyway, but as always, happy to be
educated otherwise :)

Stephen