Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
src: seed V8's random number generator at startup
The default entropy source is /dev/urandom on UNIX platforms, which is okay but we can do better by seeding it from OpenSSL's entropy pool. On Windows we can certainly do better; on that platform, V8 seeds the random number generator using only the current system time. Fixes #6250. NB: This is a back-port of commit 7ac2391 from the master branch that for some reason never got back-ported to the v0.10 branch. The default on UNIX platforms in v0.10 is different and arguably worse than it is with master: if no entropy source is provided, V8 3.14 calls srandom() with a xor of the PID and the current time in microseconds. That means that on systems with a coarse system clock, the initial state of the PRNG may be easily guessable. The situation on Windows is even more dire because there the PRNG is seeded with only the current time... in milliseconds.
- Loading branch information