On Thu, 2004-12-30 at 13:54 +0100, Johannes Berg wrote:
I'm facing a problem with dovecot 1.0 test-59; ever since I installed it and use it my random pool is always depleted whenever someone opens an imap connection. This wouldn't be too bad if the machine was used interactively, but since it is not and other services read directly from /dev/random those are sometimes blocked due to dovecot depleting the pool by reading /dev/urandom.
I thought /dev/urandom didn't affect /dev/random? Guess I was wrong. Or is this Linux?
Thus my question: is it really necessary to use random numbers from /dev/urandom for temporary filenames? And even if, couldn't it use less? It apparently uses 8 bytes every time.
I guess I could add random_weak_fill() function which they use, which would basically call just rand().
Other things that use randomness are non-plaintext authentication mechanisms, maybe most importantly APOP, which if enabled reads 16 bytes for every POP3 login even if it's not using APOP.