[cryptography] Duplicate primes in lots of RSA moduli

Jon Callas jon at callas.org
Fri Feb 17 15:51:55 EST 2012


On Feb 17, 2012, at 12:41 PM, Nico Williams wrote:

> On Fri, Feb 17, 2012 at 2:39 PM, Thierry Moreau
> <thierry.moreau at connotech.com> wrote:
>> If your /dev/urandom never blocks the requesting task irrespective of the
>> random bytes usage, then maybe your /dev/random is not as secure as it might
>> be (unless you have an high speed entropy source, but what is "high speed"
>> in this context?)
> 
> I'd like for /dev/urandom to block, but only early in boot.  Once
> enough entropy has been gathered for it to start it should never
> block.  One way to achieve this is to block boot progress early enough
> in booting by reading from /dev/random, thus there'd be no need for
> /dev/urandom to ever block.

I can understand why you might want that, but that would be wrong with a capital W. The whole *point* of /dev/urandom is that it doesn't block. If you want blocking behavior, you should be calling /dev/random. The correct solution is to have early-stage boot code call /dev/random if it wants blocking behavior.

(Note that I have completely ignored an argument of why blocking is rarely a good idea, which is the reason people call /dev/urandom. No one said software engineering was easy.)

	Jon




More information about the cryptography mailing list