tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /dev/random is hot garbage

On Sun, Jul 21, 2019 at 07:20:08PM +0000, Taylor R Campbell wrote:
 > > /dev/randon actually works as documented and if rust wants /dev/urandom
 > > behavior it should use /dev/urandom. Also I'd like to get explained why
 > > a compiler needs that much random bits.
 > The difference is that /dev/random may block, and if it blocks, it
 > doesn't wake up until the entropy pool is seeded.  In contrast,
 > /dev/urandom never blocks, even if the entropy pool has not yet been
 > seeded.
 > There is no reason in modern cryptography to read more than one byte
 > from /dev/random ever in a single application; once you have done
 > that, or confirmed some other way that the the entropy pool is seeded,
 > you should generate keys from /dev/urandom.

There should be some way to do that without throwing away 8 random

 > This is _locally_ sensible for a library that may have many users
 > beyond a compiler.

No, not really; it's the system's responsibility.

David A. Holland

Home | Main Index | Thread Index | Old Index