[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Getting randomic integers
- From: Florian Weimer <fw@...>
- Date: Sun, 17 Jan 2010 20:27:57 +0100
* David Given:
> /dev/urandom is a variant of /dev/random that, when the entropy pool is
> empty, will return fake random numbers generated with a PRNG. As such it
> is not suitable for crypto purposes.
This is not true, the data is perfectly usable for almost any purpose
(unless there are bugs or breathtaking advancements in the open crypto
literature).
The advantage of /dev/random is that theoretically, you still get
unpredictable randomness even if the crypto is broken completely. I
say "theoretically" because the code may or may not have this property
(but unlike the /dev/urandom case, the design doesn't preclude it) and
the kernel's entropy estimates used to be way off, so that the amount
of entropy in the pool was overestimated--that is, /dev/random blocked
too late.
Now everybody who has tried to use /dev/random for serious work on
servers will call me mad for suggesting that it might block too late.
Even today, you usually experience so much blocking that it's hardly
useful. What I've seen in practice is that advice to use /dev/random
leads people to sort to home-grown generators or turn the crypto off
completely.
So just use /dev/urandom and sidestep this set of issues.
- References:
- Getting randomic integers, Luciano de Souza
- Re: Getting randomic integers, Eike Decker
- Re: Getting randomic integers, Luciano de Souza
- Re: Getting randomic integers, Gé Weijers
- Re: Getting randomic integers, Majic
- Re: Getting randomic integers, Alex Davies
- Re: Getting randomic integers, Majic
- Re: Getting randomic integers, Alex Davies
- Re: Getting randomic integers, Eike Decker
- Re: Getting randomic integers, Luiz Henrique de Figueiredo
- Re: Getting randomic integers, Rob Kendrick
- Re: Getting randomic integers, startx
- Re: Getting randomic integers, Rob Kendrick
- Re: Getting randomic integers, David Given