From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: "Gisle Sælensminde" <Gisle.Salensminde@bccs.uib.no>
Cc: linux-crypto@nl.linux.org, linux-kernel@vger.kernel.org
Subject: Re: entropy of /dev/random vs. openssl rand
Date: Sat, 28 Apr 2007 20:26:14 +0300	[thread overview]
Message-ID: <463383B6.C3B5AE2C@users.sourceforge.net> (raw)
In-Reply-To: 463345DA.7010106@cbu.uib.no

Gisle Sælensminde wrote:
> Some people argue that a periodically reseeded cryptographic-quality
> random number generator is as secure as a true random number generator for
> all practical purposes.
[snip]
> I personally can't think of any realistic scenario where /dev/random would
> make you safe while /dev/urandom would make you sorry.

No problem if cryptographic-quality random number generator is reseeded
using high quality entropy. But saving/reseeding PRNG using a plaintext file
as most distros seem to do at shutdown and boot does not count as secure.
/dev/urandom state may be predictable for some time after boot. /dev/random
at least waits for new entropy before handing out random bits, and avoids
that predictable state pitfall.

Do most distros attempt to overwrite /var/lib/urandom/random-seed or
whatever after it has been used to reseed /dev/urandom? Does any distro
attempt to overwrite that file?
  
For the record, loop-AES versions of mount/losetup/swapon that set up random
key loop devices, use /dev/urandom. But they also attempt to work around
possibly predictable boot-time /dev/urandom bits. The work-around is
basically random-seed save/restore (to backing device) but with 20
overwrites of saved-state after it has been used to create new encryption
keys. See source for more details.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
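The boot-time seed handling described above (mix the stored seed into the pool, then overwrite the stored copy many times before writing a fresh seed for the next boot), as an added shell example that is not loop-AES code and not part of the original message. The seed file path, the 512-byte seed size, the overwrite count and the separate read/write pool parameters are assumptions chosen for illustration; on a real system both pool parameters would be /dev/urandom.

```shell
#!/bin/sh
# Added example, not loop-AES code. Assumed values:
SEED_BYTES=512   # size of the saved seed (assumption)
OVERWRITES=20    # passes over the consumed seed before replacing it (as in the mail)

# save_seed FILE [POOL_IN]
# Shutdown side: store fresh bytes from the pool so the next boot can reseed.
save_seed() {
    seed_file=$1
    pool_in=${2:-/dev/urandom}
    umask 077
    dd if="$pool_in" of="$seed_file" bs="$SEED_BYTES" count=1 2>/dev/null
}

# restore_seed FILE [POOL_IN] [POOL_OUT]
# Boot side: feed the saved seed into the pool, then destroy the on-disk copy
# before replacing it with bytes drawn from the pool *after* the mix-in, so a
# seed that has already been consumed is never left readable on disk.
# Note: writing to /dev/urandom mixes the bytes in but credits no entropy
# (crediting needs the RNDADDENTROPY ioctl), so this alone does not unblock
# /dev/random. In-place overwrites also do not guarantee the old bytes are
# gone on journaling, copy-on-write or flash-backed filesystems.
restore_seed() {
    seed_file=$1
    pool_in=${2:-/dev/urandom}    # where fresh bytes are read from
    pool_out=${3:-/dev/urandom}   # where the old seed is written to
    [ -f "$seed_file" ] || return 1
    cat "$seed_file" > "$pool_out"
    i=0
    while [ "$i" -lt "$OVERWRITES" ]; do
        # conv=notrunc keeps the same blocks so the old content is overwritten
        dd if="$pool_in" of="$seed_file" bs="$SEED_BYTES" count=1 conv=notrunc 2>/dev/null
        i=$((i + 1))
    done
    save_seed "$seed_file" "$pool_in"
}
```

Typical use would be `restore_seed /var/lib/urandom/random-seed` early in boot and `save_seed /var/lib/urandom/random-seed` at shutdown; the pool parameters exist so the sequence can be exercised against ordinary files, which is also the easiest way to confirm that the seed file really changes after it has been consumed.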

Thread overview:
2007-04-28 11:06 entropy of /dev/random vs. openssl rand markus reichelt
2007-04-28 13:02 ` Gisle Sælensminde
2007-04-28 17:26   ` Jari Ruusu [this message]