[cryptography] Duplicate primes in lots of RSA moduli

Nico Williams nico at cryptonector.com
Fri Feb 17 16:03:27 EST 2012


On Fri, Feb 17, 2012 at 2:51 PM, Jon Callas <jon at callas.org> wrote:
> On Feb 17, 2012, at 12:41 PM, Nico Williams wrote:
>> On Fri, Feb 17, 2012 at 2:39 PM, Thierry Moreau
>> <thierry.moreau at connotech.com> wrote:
>>> If your /dev/urandom never blocks the requesting task irrespective of the
>>> random bytes usage, then maybe your /dev/random is not as secure as it might
>>> be (unless you have an high speed entropy source, but what is "high speed"
>>> in this context?)
>>
>> I'd like for /dev/urandom to block, but only early in boot.  Once
>> enough entropy has been gathered for it to start it should never
>> block.  One way to achieve this is to block boot progress early enough
>> in booting by reading from /dev/random, thus there'd be no need for
>> /dev/urandom to ever block.
>
> I can understand why you might want that, but that would be wrong with a capital W. The whole *point* of /dev/urandom is that it doesn't block. If you want blocking behavior, you should be calling /dev/random. The correct solution is to have early-stage boot code call /dev/random if it wants blocking behavior.

I was hoping you'd read the second sentence, where I basically say
that /dev/urandom shouldn't block, that the system should not progress
past where /dev/urandom is needed until /dev/urandom has enough
entropy.

Nico
--



More information about the cryptography mailing list