  1. PuppetDB
  2. PDB-521

Use /dev/urandom instead of /dev/random

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 2.0.0
    • Component/s: None
    • Story Points:
      2
    • Sprint:
      20140409 to 20140423

      Description

      We should switch PuppetDB to use /dev/urandom instead of /dev/random. This will improve startup times and will help a lot of people running PuppetDB on virtual hardware, as it will no longer block while waiting on enough entropy.

      People are usually scared of /dev/urandom but there's no need for that in this case. urandom is perfectly well suited for most cryptographic operations, save for generating long-lived SSL/GPG/SSH keys:

      If you are unsure about whether you should use /dev/random or /dev/urandom, then probably
      you want to use the latter. As a general rule, /dev/urandom should be used for everything except
      long-lived GPG/SSL/SSH keys.
      

      OpenSSL also defaults to using /dev/urandom.

            People

            • Assignee:
              Unassigned
              Reporter:
              daenney Daniele Sluijters