/dev/random vs. /dev/urandom and the krb5 test suite

Jeffrey Hutzelman jhutz at cmu.edu
Thu Jun 18 17:59:05 EDT 2009

--On Thursday, June 18, 2009 01:17:03 PM -0700 Russ Allbery 
<rra at stanford.edu> wrote:

> MIT Kerberos has been very bad at providing robustness around
> environment variables in the past.  Many people have been burned by
> this.  Having environment variables change features of code is widely
> considered to be a horrible interface decision for anything affecting
> security due to the way environment variables spread promiscuously.
> It's roundly ridiculed in security fora.  I would really hate to see MIT
> Kerberos add yet another place where magic environment variables change
> the code behavior.

I fully agree with Russ here.  Keep away from environment variables for 

-- Jeff

More information about the krbdev mailing list