This manual page says:
Note: As of PHP 5.4.0 session.entropy_file defaults to
/dev/urandom or /dev/arandom if it is available. In PHP 5.3.0 this
directive is left empty by default.
So, what’s /dev/arandom and how does it differ from /dev/[u]random?
From here. It appears as though
arandom will guarantee that sufficient entropy is present before returning the amount of data requested. It also appears to be limited to OpenBSD implementations. urandom will return the amount of data requested no matter whether there is enough entropy — which obviously could introduce a vulnerability if there is not enough.