tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: new random pseudodevice
On Thu, 08 Dec 2011, Thor Lancelot Simon wrote:
The urandom device node will key the generator and output data
even if the kernel entropy pool estimates that it does not
have enough bits to provide an AES-128 key with ful entropy.
The random device node will block until sufficient bits are
available from the pool to key the generator.
So, /dev/urandom will never block, and each opened file descriptor
from /dev/random may block the first time you read or select from
it, but will not block again until it is re-keyed after 2^31 bits
(or is it bytes?) of output have been generated?
The previous /dev/random implementation would never give out
more data than the estimated entropy in the pool, so callers
could think that they were getting the highest quality possible.
Callers will now get 2^31 bits of output and consume only 128 bits
of entropy from the pool, so they may think that they are getting
lower quality output.
I have this naive idea that trying to get out more than you put
in is cheating, and I think it's fine for /dev/urandom to cheat,
but I am not happy about /dev/random cheating. Please could you
explain where I have misunderstood.
--apb (Alan Barrett)
Home |
Main Index |
Thread Index |
Old Index