From 4229457068d6a28cc11b506f127a7bb650ab18c1 Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Sat, 5 Oct 2013 17:36:33 -0400 Subject: Security: use a secure random number generator If not available, give an error. The user may also configure qpdf to use an insecure random number generator. --- README | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'README') diff --git a/README b/README index e73d6694..445849e1 100644 --- a/README +++ b/README @@ -167,3 +167,22 @@ the test suite fails, test failure detail will be included in the build output. Otherwise, you will have to have access to the qtest.log file from the build to view test failures. The debian packages for qpdf enable this option, for example. + + +Random Number Generation +======================== + +When the qpdf detects either the Windows cryptography API or the +existence of /dev/urandom, /dev/arandom, or /dev/random, it uses them +to generate cryptography secure random numbers. If none of these +conditions are true, the build will fail with an error. It is +possible to configure qpdf with the --enable-insecure-random option, +in which case it will generate random numbers with stdlib's random() +or rand() calls instead. These random numbers are not cryptography +secure, but the qpdf library is fully functional using them. Using +non-secure random numbers means that it's easier in some cases to +guess encryption keys. If you're not generating encrypted files, +there's no advantage to using secure random numbers. + +If you are building qpdf on a platform that qpdf doesn't know how to +generate secure random numbers on, a patch would be welcome. -- cgit v1.2.3-70-g09d2
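Review bot: In the added "Random Number Generation" section, "cryptography secure" appears twice ("to generate cryptography secure random numbers" and "These random numbers are not cryptography secure") and should read "cryptographically secure"; "When the qpdf detects" should also drop "the". The paragraph leaves two things unstated that a packager needs. First, it does not say whether the check for the Windows cryptography API and for /dev/urandom, /dev/arandom, or /dev/random happens at configure time on the build host or at run time; "the build will fail with an error" implies configure time, which matters for cross-compiled or chrooted builds where the build host's devices differ from the target's. Second, it does not say in which order the three devices are tried. The sentence "Using non-secure random numbers means that it's easier in some cases to guess encryption keys" would be clearer if it stated directly that a build configured with --enable-insecure-random should not be used to write encrypted files.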