From: Theodore Tso <tytso@mit.edu>
To: David Wagner <daw@mozart.cs.berkeley.edu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: /dev/random in 2.4.6
Date: Mon, 20 Aug 2001 21:20:53 -0400 [thread overview]
Message-ID: <20010820212053.B20957@thunk.org> (raw)
In-Reply-To: <Pine.LNX.4.30.0108200903580.4612-100000@waste.org> <2251207905.998322034@[10.132.112.53]> <9lrc6u$6pv$1@abraham.cs.berkeley.edu>
In-Reply-To: <9lrc6u$6pv$1@abraham.cs.berkeley.edu>; from daw@mozart.cs.berkeley.edu on Mon, Aug 20, 2001 at 04:00:30PM +0000
On Mon, Aug 20, 2001 at 04:00:30PM +0000, David Wagner wrote:
>
> I don't see why not. Apply this change, and use /dev/urandom.
> You'll never block, and the outputs should be thoroughly unpredictable.
> What's missing?
Absolutely. And if /dev/urandom is not unpredictable, that means
someone has broken SHA-1 in a pretty complete way, in which case it's
very likely that most of the users of the randomness are completely
screwed, since they probably depend on SHA-1 (or some other MAC which
is probably in pretty major danger if someone has indeed managed to
crack SHA-1).
> (I don't see why so many people use /dev/random rather than /dev/urandom.
> I harbor suspicions that this is a misunderstanding about the properties
> of pseudorandom number generation.)
Probably. /dev/random is probably appropriate when you're trying to
get randomness for a long-term RSA/DSA key, but for session key
generation which is what most server boxes will be doing, /dev/urandom
will be just fine.
Of course, then you have the crazies who are doing Monte Carlo
simulations, and then send me mail asking why using /dev/urandom is so
slow, and how can they the reseed /dev/urandom so they can get
repeatable, measureable results on their Monte Carlo sinulations....
- Ted
next prev parent reply other threads:[~2001-08-21 1:21 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-15 15:07 /dev/random in 2.4.6 Steve Hill
2001-08-15 15:21 ` Richard B. Johnson
2001-08-15 15:27 ` Steve Hill
2001-08-15 15:42 ` Richard B. Johnson
2001-08-15 16:29 ` Tim Walberg
2001-08-15 17:13 ` Andreas Dilger
2001-08-16 8:37 ` Steve Hill
2001-08-16 19:11 ` Andreas Dilger
2001-08-16 19:35 ` Alex Bligh - linux-kernel
2001-08-16 20:30 ` Andreas Dilger
2001-08-17 0:49 ` Robert Love
2001-08-17 1:05 ` Robert Love
2001-08-19 17:29 ` David Wagner
2001-08-17 21:18 ` Theodore Tso
2001-08-17 22:05 ` David Schwartz
2001-08-19 15:13 ` Theodore Tso
2001-08-19 15:33 ` Rob Radez
2001-08-19 17:32 ` David Wagner
2001-08-19 23:32 ` Oliver Xymoron
2001-08-20 7:40 ` Helge Hafting
2001-08-20 14:01 ` Oliver Xymoron
2001-08-20 13:37 ` Alex Bligh - linux-kernel
2001-08-20 14:12 ` Oliver Xymoron
2001-08-20 14:40 ` Alex Bligh - linux-kernel
2001-08-20 14:55 ` Chris Friesen
2001-08-20 15:22 ` Oliver Xymoron
2001-08-20 15:25 ` Doug McNaught
2001-08-20 15:42 ` Chris Friesen
2001-08-21 10:03 ` Steve Hill
2001-08-21 18:14 ` David Wagner
2001-08-20 16:01 ` David Wagner
2001-08-20 19:30 ` Gérard Roudier
2001-08-20 15:07 ` Oliver Xymoron
2001-08-21 8:33 ` Alex Bligh - linux-kernel
2001-08-21 16:13 ` Oliver Xymoron
2001-08-21 17:44 ` Alex Bligh - linux-kernel
2001-08-21 18:24 ` David Wagner
2001-08-21 18:49 ` Alex Bligh - linux-kernel
2001-08-21 19:04 ` Oliver Xymoron
2001-08-21 19:20 ` Alex Bligh - linux-kernel
2001-08-21 21:44 ` Robert Love
2001-08-21 18:19 ` David Wagner
2001-08-20 16:00 ` David Wagner
2001-08-21 1:20 ` Theodore Tso [this message]
2001-08-21 8:39 ` Alex Bligh - linux-kernel
2001-08-21 10:46 ` Marco Colombo
2001-08-21 12:40 ` Alex Bligh - linux-kernel
2001-08-21 17:06 ` cfs+linux-kernel
2001-08-21 17:48 ` Alex Bligh - linux-kernel
2001-08-21 18:27 ` David Wagner
2001-08-21 18:25 ` David Wagner
2001-08-20 22:55 ` D. Stimits
2001-08-21 1:06 ` David Schwartz
2001-08-19 17:31 ` David Wagner
2001-08-19 17:27 ` David Wagner
2001-08-15 19:25 ` Alex Bligh - linux-kernel
2001-08-15 20:55 ` Robert Love
2001-08-15 21:27 ` Alex Bligh - linux-kernel
2001-08-16 8:55 ` Steve Hill
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010820212053.B20957@thunk.org \
--to=tytso@mit.edu \
--cc=daw@mozart.cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox