Randomness

Prosody requires a good source of randomness to generate various tokens that need to be unpredictable. Often this is required for adequate security.

Currently on all platforms we use the /dev/urandom file provided by the operating system for this.

Questions

What about platforms with no urandom?

This will require a patch or override for util.random (or util.uuid in Prosody 0.9.x). Please contact developers@prosody.im for assistance.

What about Windows?

Unfortunately we have had to drop Windows support in 0.9.9.

Why does Prosody write to urandom?

Writing to /dev/urandom allows applications to feed data into the randomness pool, which improves the quality of the generated random numbers generated. It is not essential however, and in 0.9.10 this functionality has been removed due to permissions issues on some systems/configurations. For versions before 0.9.10, it is not configurable and a patch is required to change the behaviour. For more information see also issue #585.

 
doc/random.txt · Last modified: 2016/01/14 01:15 by Matthew Wild