public inbox for linux-kernel@vger.kernel.org
From: Robert Love <rml@tech9.net>
To: Justin Pryzby <justinpryzby@users.sourceforge.net>
Cc: "Luca T." <luca-t@libero.it>, linux-kernel@vger.kernel.org
Subject: Re: /dev/random broken?
Date: 28 Jun 2003 19:31:42 -0700
Message-ID: <1056853901.1988.3206.camel@localhost>
In-Reply-To: <20030629021018.GA26162@andromeda>

On Sat, 2003-06-28 at 19:10, Justin Pryzby wrote:

> /dev/urandom is what you want; it makes up its own entropy.  /dev/random
> uses entropy from user input (low order bits I imagine).  I assume that
> this is how other unixes work, too.

Actually, no. Both device files use entropy from the same location (the
entropy pool), which is derived from the same sources (various interrupt
timings and whatnot).

The difference between the two is that /dev/random keeps track of the
inherent entropy in the pool and will block when the entropy grows too
small. This is done as protection against any possible flaws in the
one-way hash employed on outgoing data. Theoretically, if someone was
able to break SHA-1, and they obtained a sufficiently large percentage
of the output data, they could theoretically determine some theoretical
state about the entropy pool. To prevent this theoretical attack,
/dev/random will not return any data while the entropy estimate is not
positive. This ensures there is enough entropy in the pool such that,
even if a single attacker has seen all the output thus far, they cannot
learn of the pool's state.

Also, as far as other Unix systems, I think /dev/random was first in
Linux. I know Mac OS X has /dev/random and /dev/urandom, but they both
behave like Linux's /dev/urandom.

	Robert Love
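The accounting the mail describes can be seen in a small model: a single pool that both device files draw from, an entropy estimate that event samples credit and reads debit, and a one-way hash (SHA-1, as in the mail) on the way out so that output never exposes the pool state directly. This is an added example written for this archive page, a toy model and not the kernel's random.c; the class and function names, the 64-byte pool, the "irq:" sample strings and the per-sample credits are all constructed for the illustration. `read_random` returns `None` where a real `O_NONBLOCK` read of /dev/random would fail with EAGAIN (or, without `O_NONBLOCK`, block until more entropy is credited).

```python
import hashlib
import struct


class EntropyPool:
    """Toy model of the entropy pool the mail describes (constructed example,
    not the kernel's actual implementation)."""

    def __init__(self, pool_bytes: int = 64) -> None:
        self.pool = bytearray(pool_bytes)
        self.pool_bits = pool_bytes * 8
        self.entropy_bits = 0  # the kernel's entropy *estimate*, not true entropy

    def mix_in(self, sample: bytes, credited_bits: int) -> None:
        """Stir an event sample (e.g. an interrupt timestamp) into the pool and
        credit the estimate. Both devices draw from this one pool."""
        digest = hashlib.sha1(bytes(self.pool) + sample).digest()
        for i, b in enumerate(digest):
            self.pool[i % len(self.pool)] ^= b
        self.entropy_bits = min(self.pool_bits, self.entropy_bits + credited_bits)

    def _extract(self, n: int) -> bytes:
        """One-way extraction: output is SHA-1 over the pool state plus a counter,
        and each digest is folded back so the state keeps moving."""
        out = bytearray()
        counter = 0
        while len(out) < n:
            digest = hashlib.sha1(bytes(self.pool) + struct.pack(">I", counter)).digest()
            out += digest
            for i, b in enumerate(digest):
                self.pool[i % len(self.pool)] ^= b
            counter += 1
        return bytes(out[:n])

    def read_urandom(self, n: int) -> bytes:
        """/dev/urandom: never blocks. The estimate is debited but output keeps
        coming even when it reaches zero."""
        data = self._extract(n)
        self.entropy_bits = max(0, self.entropy_bits - 8 * n)
        return data

    def read_random(self, n: int):
        """/dev/random: returns no data while the estimate is not positive, and
        otherwise hands out at most what has been credited. None models the
        EAGAIN an O_NONBLOCK reader would get (a blocking reader would wait)."""
        if self.entropy_bits <= 0:
            return None
        nbytes = min(n, max(1, self.entropy_bits // 8))
        data = self._extract(nbytes)
        self.entropy_bits = max(0, self.entropy_bits - 8 * nbytes)
        return data


def compare_devices() -> dict:
    """Walk through the scenario in the mail: same pool, same sources, but only
    /dev/random refuses data when the estimate is not positive."""
    pool = EntropyPool()
    result = {}
    # 1. Empty pool: urandom still answers; random would block / EAGAIN.
    result["urandom_empty"] = len(pool.read_urandom(32))
    result["random_empty"] = pool.read_random(32)
    # 2. Credit three constructed interrupt-timing samples with 8 bits each.
    for stamp in (b"irq:0x1a2b", b"irq:0x1a9f", b"irq:0x1b03"):
        pool.mix_in(stamp, 8)
    result["estimate_after_mix"] = pool.entropy_bits
    # 3. /dev/random hands out only the 3 credited bytes, then refuses again.
    result["random_partial"] = len(pool.read_random(64))
    result["random_after"] = pool.read_random(1)
    # 4. /dev/urandom keeps drawing from the same, now depleted, pool.
    result["urandom_after"] = len(pool.read_urandom(64))
    return result


if __name__ == "__main__":
    for key, value in compare_devices().items():
        print(f"{key}: {value}")
```

The model is deterministic on purpose: two pools fed the same samples produce the same output, which makes the point that all unpredictability comes from the samples credited into the pool, and that the estimate is only a bookkeeping number guarding the hash, exactly the role the mail assigns it.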
