/dev/random vs. /dev/urandom and the krb5 test suite
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Jun 18 17:59:05 EDT 2009
--On Thursday, June 18, 2009 01:17:03 PM -0700 Russ Allbery
<rra at stanford.edu> wrote:
> MIT Kerberos has been very bad at providing robustness around
> environment variables in the past. Many people have been burned by
> this. Having environment variables change features of code is widely
> considered to be a horrible interface decision for anything affecting
> security due to the way environment variables spread promiscuously.
> It's roundly ridiculed in security fora. I would really hate to see MIT
> Kerberos add yet another place where magic environment variables change
> the code behavior.
I fully agree with Russ here. Keep away from environment variables for
this.
-- Jeff