  1. PuppetDB
  2. PDB-521

Use /dev/urandom instead of /dev/random

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 2.0.0
    • Component/s: None
    • Story Points:
      2
    • Sprint:
      20140409 to 20140423

      Description

      We should switch PuppetDB to use /dev/urandom instead of /dev/random. This will improve startup times and will help a lot of people running PuppetDB on virtual hardware, as it will no longer block while waiting on enough entropy.

      People are usually scared of /dev/urandom but there's no need for that in this case. urandom is perfectly well suited for most cryptographic operations safe for generating long-lived SSL/GPG/SSH keys:

      If you are unsure about whether you should use /dev/random or /dev/urandom, then probably
      you want to use the latter. As a general rule, /dev/urandom should be used for everything except
      long-lived GPG/SSL/SSH keys.
      

      OpenSSL also defaults to using /dev/urandom.


              People

              • Assignee:
                Unassigned
                Reporter:
                daenney Daniele Sluijters