Re: /dev/random is hot garbage

To: coypu%sdf.org@localhost
Subject: Re: /dev/random is hot garbage
From: Tobias Nygren <tnn%NetBSD.org@localhost>
Date: Sun, 21 Jul 2019 17:23:48 +0200

On Sun, 21 Jul 2019 15:05:53 +0000
coypu%sdf.org@localhost wrote:

> Rust reads a byte from /dev/random before deciding it's OK to read
> /dev/urandom. We are told this is the correct behaviour and that we
> shouldn't upstream "just use /dev/urandom/sysctl equivalent".

Who says this is correct behaviour? It isn't. random(4) has this to say:

"Applications should read from /dev/urandom when they need randomly
 generated data, e.g. key material for cryptography or seeds for
 simulations.

 Systems should be engineered to judiciously read at least once from
 /dev/random at boot before running any services that talk to the internet
 or otherwise require cryptography, in order to avoid generating keys
 predictably."

My interpretation of the above is that rust is not doing the right thing.
It is an application runtime, but behaves like an rc script.

Kind regards,
-Tobias

References:
- /dev/random is hot garbage
  - From: coypu
- Re: /dev/random is hot garbage
  - From: Mouse
- Re: /dev/random is hot garbage
  - From: coypu

Prev by Date: Re: /dev/random is hot garbage
Next by Date: Re: /dev/random is hot garbage
Previous by Thread: Re: /dev/random is hot garbage
Next by Thread: Re: /dev/random is hot garbage
Indexes:

Home | Main Index | Thread Index | Old Index