[RFC] Support for /dev/urandom in kdelibs

[Brad Hards]

On Thu, 30 Dec 2004 21:59 pm, Michael Buesch wrote:
> See KEntropySource as some kind of experimental stuff. I'm just
> playing around.
> But I see. Maybe it's over-designed.
I think that it is a bit messy, because the "randomness" part of the API (the 
Source enum) is really part of the implementation, and that normally 
indicates a design problem.
Also, the number of methods in QIODevice (and QDataStream) that don't really 
have any meaning is probably a bad sign too. As a user, I think of questsions 
such as "Why should I open()? Why should I need to close()? Why can't the 
KRandomiser class handle that for me?"

> A usage for this maybe my application PwManager.
> Currently I use this:
> http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomi
>zer.h?rev=1.2&view=markup
>
> It also works with the >> operator but without QDataStream, so
> it's easier to use.
I think I like the explicit static methods better, but I could probably add 
operator>> (or operator<<) to QCA::Random if that would help.

I think that QCA (see kdesupport/qca/ for current CVS) could help enormously 
with PwManager (since it will provide nice crypto primitives including 
hashing and ciphers, convenient handling for keys, salts, secure memory, and 
so on). That is the real attraction of doing the cryptographic level 
randomness stuff in QCA - it can return a QCA::InitializationVector, rather 
than having to be a QByteArray which is a bit easy to mix up with another 
QByteArray that has the key, or yet another QByteArray that has the data you 
wanted to run through HMAC.... Maybe you could take a look at QCA, and 
provide feedback? Patches are great feedback too :)

Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20041230/61a4453f/attachment.sig>