Re: /dev/random is hot garbage

To: <joerg%bec.de@localhost>
Subject: Re: /dev/random is hot garbage
From: <Paul.Koning%dell.com@localhost>
Date: Sun, 21 Jul 2019 21:13:48 +0000

> On Jul 21, 2019, at 5:03 PM, Joerg Sonnenberger <joerg%bec.de@localhost> wrote:
> 
> 
> [EXTERNAL EMAIL] 
> 
> On Sun, Jul 21, 2019 at 08:50:30PM +0000, Paul.Koning%dell.com@localhost wrote:
>> /dev/urandom is equivalent to /dev/random if there is adequate entropy,
>> but it will also deliver random numbers not suitable for cryptography before that time.
> 
> This is somewhat misleading. The problem is that with an unknown entropy
> state, the system cannot ensure that an attacker couldn't predict the
> seed used for the /dev/urandom stream. That doesn't mean that the stream
> itself is bad. It will still pass any statistical test etc.

That's exactly my point.  If you're interested in a statistically high quality pseudo-random bit stream, /dev/urandom is a gread source.  But if you need a cryptographically strong random number, then you can't safely proceed with an unknown entropy state for the reason you stated, which translates into "you must use /dev/random".

> Note that with the option of seeding the CPRNG at boot time, a lot of
> the distinction is actually moot.

Yes, if at boot time you get enough entropy then /dev/random is unblocked.  The distinction still matters because an application can't know this, so it should express its requirements by choosing the correct device.

	paul

Follow-Ups:
- Re: /dev/random is hot garbage
  - From: Joerg Sonnenberger

References:
- Re: /dev/random is hot garbage
  - From: Taylor R Campbell
- Re: /dev/random is hot garbage
  - From: Paul.Koning
- Re: /dev/random is hot garbage
  - From: Joerg Sonnenberger

Prev by Date: fallocate for ffs
Next by Date: resettodr() and (over)use of I2C_F_POLL
Previous by Thread: Re: /dev/random is hot garbage
Next by Thread: Re: /dev/random is hot garbage
Indexes:

Home | Main Index | Thread Index | Old Index