Bug #9569

SecureRandom should try /dev/urandom first

Added by cjcsuhta (Corey Csuhta) almost 7 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
ruby -v:
Backport:
[ruby-core:61094]

Description

Right now, SecureRandom.random_bytes tries to detect an OpenSSL to use before it tries to detect /dev/urandom. I think it should be the other way around. In both cases, you just need random bytes to unpack, so SecureRandom could skip the middleman (and second point of failure) and just talk to /dev/urandom directly if it's available.

Is this a case of just re-ordering the two code chunks so that /dev/urandom is tried first?

Relevant lines: https://github.com/ruby/ruby/blob/trunk/lib/securerandom.rb#L59-L90
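The ordering proposed in this report, as an added sketch that is neither the reporter's code nor the code in lib/securerandom.rb. The method names `bytes_from_device`, `bytes_from_openssl` and `random_bytes_urandom_first` and the `device:` parameter are hypothetical; the sketch also refuses a path that is not a character device and treats a short read as a failure, so the OpenSSL fallback is reached only when the kernel source is genuinely unusable.

```ruby
# Added illustration: try the kernel device first, OpenSSL second.
# All method names here are hypothetical, not part of SecureRandom.

# Read exactly n bytes from a random device, or return nil on any failure.
def bytes_from_device(n, path = "/dev/urandom")
  File.open(path, "rb") do |f|
    # A regular file or FIFO sitting at this path is not a kernel RNG.
    return nil unless f.stat.chardev?
    buf = "".b
    while buf.bytesize < n
      chunk = f.read(n - buf.bytesize)
      return nil if chunk.nil? || chunk.empty? # unexpected EOF: do not return short output
      buf << chunk
    end
    buf
  end
rescue SystemCallError # ENOENT, EACCES, EMFILE, ...
  nil
end

# Fallback source: OpenSSL's generator, or nil if the extension is unavailable.
def bytes_from_openssl(n)
  require "openssl"
  OpenSSL::Random.random_bytes(n)
rescue LoadError, StandardError
  nil
end

# Returns [source_name, bytes]; raises if no source yields exactly n bytes.
def random_bytes_urandom_first(n, device: "/dev/urandom")
  sources = [
    [:urandom, -> { bytes_from_device(n, device) }],
    [:openssl, -> { bytes_from_openssl(n) }]
  ]
  sources.each do |name, source|
    bytes = source.call
    return [name, bytes] if bytes && bytes.bytesize == n
  end
  raise NotImplementedError, "no usable random source"
end
```

Returning the source name alongside the bytes lets a caller log or assert which generator was actually used, which is the property the ordering change is about.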


Related issues

Related to Ruby master - Bug #13885: About Random.urandom and securerandom (Closed)
Related to Ruby master - Bug #14716: SecureRandom throwing an error in Ruby 2.5.1 (Open)
Related to Ruby master - Bug #15039: Random.urandom and SecureRandom arc4random use (Closed)
Related to Ruby master - Misc #17319: Rename Random.urandom to os_random and document random data sources (Rejected)
