[cryptography] urandom vs random
lists at eitanadler.com
Fri Aug 16 10:39:20 EDT 2013
On Fri, Aug 16, 2013 at 3:32 PM, shawn wilson <ag4ve.us at gmail.com> wrote:
> I thought that decent crypto programs (openssh, openssl, tls suites)
> should read from random so they stay secure and don't start generating
> /insecure/ data when entropy runs low.
Depends on the operating system.
> The only way I could see this
> as being a smart thing to do is if these programs also looked at how
> much entropy the kernel had and stopped when it got ~50 or so. Is this
> the way things are done when these programs use urandom or what?
On Linux programs generating long term keys should read from
/dev/random (which may block).
On FreeBSD /dev/random and /dev/urandom are identical.
More information about the cryptography