Re: Getting randomic integers

[Florian Weimer <fw@...>]

* David Given:

> /dev/urandom is a variant of /dev/random that, when the entropy pool is
> empty, will return fake random numbers generated with a PRNG. As such it
> is not suitable for crypto purposes.

This is not true, the data is perfectly usable for almost any purpose
(unless there are bugs or breathtaking advancements in the open crypto
literature).

The advantage of /dev/random is that theoretically, you still get
unpredictable randomness even if the crypto is broken completely.  I
say "theoretically" because the code may or may not have this property
(but unlike the /dev/urandom case, the design doesn't preclude it) and
the kernel's entropy estimates used to be way off, so that the amount
of entropy in the pool was overestimated--that is, /dev/random blocked
too late.

Now everybody who has tried to use /dev/random for serious work on
servers will call me mad for suggesting that it might block too late.
Even today, you usually experience so much blocking that it's hardly
useful.  What I've seen in practice is that advice to use /dev/random
leads people to sort to home-grown generators or turn the crypto off
completely.

So just use /dev/urandom and sidestep this set of issues.