[RFC] Support for /dev/urandom in kdelibs

Michael Buesch mbuesch at freenet.de
Thu Dec 30 12:06:41 GMT 2004 

Quoting Brad Hards <bradh at frogmouth.net>:
> On Thu, 30 Dec 2004 21:59 pm, Michael Buesch wrote:
> > See KEntropySource as some kind of experimental stuff. I'm just
> > playing around.
> > But I see. Maybe it's over-designed.
> I think that it is a bit messy, because the "randomness" part of the API (the 
> Source enum) is really part of the implementation, and that normally 
> indicates a design problem.
> Also, the number of methods in QIODevice (and QDataStream) that don't really 
> have any meaning is probably a bad sign too. As a user, I think of questsions 
> such as "Why should I open()? Why should I need to close()? Why can't the 
> KRandomiser class handle that for me?"
> 
> > A usage for this maybe my application PwManager.
> > Currently I use this:
> > http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomi
> >zer.h?rev=1.2&view=markup
> >
> > It also works with the >> operator but without QDataStream, so
> > it's easier to use.
> I think I like the explicit static methods better, but I could probably add 
> operator>> (or operator<<) to QCA::Random if that would help.
> 
> I think that QCA (see kdesupport/qca/ for current CVS) could help enormously 
> with PwManager (since it will provide nice crypto primitives including 
> hashing and ciphers, convenient handling for keys, salts, secure memory, and 
> so on). That is the real attraction of doing the cryptographic level 
> randomness stuff in QCA - it can return a QCA::InitializationVector, rather 
> than having to be a QByteArray which is a bit easy to mix up with another 
> QByteArray that has the key, or yet another QByteArray that has the data you 
> wanted to run through HMAC.... Maybe you could take a look at QCA, and 
> provide feedback? Patches are great feedback too :)

I already looked at it in the past. It's nice and I considered usage of it
in PwManager.
I'm sorry that i can't provide patches as I've got more than enough work
pending in millions of other projects. ;)

And yes, you are right. KEntropySource is over-designed
and not really neccessary.
But I still want to see a standardized random data source in KDE. QCA might
do a nice job there.

Thanks for your feedback.

> Brad
> 

-- 
Regards Michael Buesch  [ http://www.tuxsoft.de.vu ]


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20041230/cc260c86/attachment.sig>

More information about the kde-core-devel mailing list