[cryptography] Duplicate primes in lots of RSA moduli
marsh at extendedsubset.com
Fri Feb 17 16:05:16 EST 2012
On 02/17/2012 02:51 PM, Jon Callas wrote:
> On Feb 17, 2012, at 12:41 PM, Nico Williams wrote:
>> I'd like for /dev/urandom to block, but only early in boot. Once
>> enough entropy has been gathered for it to start it should never
>> block. One way to achieve this is to block boot progress early
>> enough in booting by reading from /dev/random, thus there'd be no
>> need for /dev/urandom to ever block.
> I can understand why you might want that, but that would be wrong
> with a capital W. The whole *point* of /dev/urandom is that it
> doesn't block. If you want blocking behavior, you should be calling
Alternatively, we could specify a /dev/nrandom which has the behavior
> The correct solution is to have early-stage boot code
> call /dev/random if it wants blocking behavior.
Except when /dev/random is equivalent to /dev/urandom, as in OpenBSD
and whatever Ben just posted from (FreeBSD perhaps?).
> (Note that I have completely ignored an argument of why blocking is
> rarely a good idea, which is the reason people call /dev/urandom. No
> one said software engineering was easy.)
"Don't block unless it's truly so soon after startup that the kernel's
(nondecreasing) accumulated entropy estimate is pathologically low"
ought to be a satisfiable requirement.
The guy who writes the ssh-keygen program shouldn't have to try to
figure out if he's being called from /etc/rc*, he should be able to get
what he needs from a standard device.
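As an added illustration (not code from anyone in this thread): the semantics Nico asks for, "block only until the kernel pool has been seeded once, never afterwards", is what Linux later provided through getrandom(2), added in kernel 3.17 (2014). With flags=0 the call blocks until the CSPRNG is seeded and then never blocks again; with GRND_NONBLOCK it returns EAGAIN instead of blocking, so a key-generation program can tell "too early in boot" apart from "ready" without knowing whether it was launched from /etc/rc*. The function and helper names below (fill_random, self_check) are my own, and the non-Linux branch is an assumed fallback to /dev/urandom that cannot report seeding state.

```c
/* Added example, not from the thread: ask the kernel for random bytes with
 * "block only until seeded" semantics via getrandom(2) on Linux. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>
#endif

enum seed_status { SEEDED = 0, NOT_YET_SEEDED = 1, RNG_ERROR = -1 };

/* Fill buf with len bytes of kernel randomness.
 * wait_for_seed != 0: block until the pool is seeded (never afterwards).
 * wait_for_seed == 0: return NOT_YET_SEEDED instead of blocking, so the
 *                     caller can log "too early in boot" and decide. */
static int fill_random(unsigned char *buf, size_t len, int wait_for_seed)
{
#ifdef __linux__
    size_t got = 0;
    unsigned int flags = wait_for_seed ? 0 : GRND_NONBLOCK;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;            /* signal; retry */
            if (errno == EAGAIN)
                return NOT_YET_SEEDED; /* only possible with GRND_NONBLOCK */
            return RNG_ERROR;        /* e.g. ENOSYS on a pre-3.17 kernel */
        }
        got += (size_t)n;
    }
    return SEEDED;
#else
    /* Assumed fallback for non-Linux: /dev/urandom. It cannot tell us
     * whether the pool was seeded, which is exactly the gap the thread
     * is discussing. */
    (void)wait_for_seed;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return RNG_ERROR;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) {
            if (n < 0 && errno == EINTR)
                continue;
            close(fd);
            return RNG_ERROR;
        }
        got += (size_t)n;
    }
    close(fd);
    return SEEDED;
#endif
}

/* Self-check used by the tests: on a seeded system both the non-blocking
 * probe and the blocking call succeed, and two 32-byte draws differ.
 * Returns 1 on success, 0 otherwise. */
static int self_check(void)
{
    unsigned char a[32], b[32];
    if (fill_random(a, sizeof a, 0) != SEEDED)
        return 0;
    if (fill_random(b, sizeof b, 1) != SEEDED)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned char key[32];
    /* Probe first so an early-boot caller sees the condition explicitly. */
    int st = fill_random(key, sizeof key, 0);
    if (st == NOT_YET_SEEDED) {
        fprintf(stderr, "kernel RNG not yet seeded; waiting once\n");
        st = fill_random(key, sizeof key, 1);
    }
    if (st != SEEDED) {
        fprintf(stderr, "kernel RNG unavailable\n");
        return 1;
    }
    printf("got %zu bytes of seeded randomness\n", sizeof key);
    return 0;
}
```

The two-step pattern in main (non-blocking probe, then a single blocking wait) is the one a key-generation tool wants: it never blocks after the first seeding, and the only time it does block is the pathological early-boot case Marsh describes, which is also the moment to emit a log line so an operator can see why startup stalled.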