[cryptography] urandom vs random

Eitan Adler lists at eitanadler.com
Fri Aug 16 10:39:20 EDT 2013

On Fri, Aug 16, 2013 at 3:32 PM, shawn wilson <ag4ve.us at gmail.com> wrote:
> I thought that decent crypto programs (openssh, openssl, tls suites)
> should read from random so they stay secure and don't start generating
> /insecure/ data when entropy runs low.

Depends on the operating system.

> The only way I could see this
> as being a smart thing to do is if these programs also looked at how
> much entropy the kernel had and stopped when it got ~50 or so. Is this
> the way things are done when these programs use urandom or what?

On Linux programs generating long term keys should read from
/dev/random (which may block).

On FreeBSD /dev/random and /dev/urandom are identical.

Eitan Adler

More information about the cryptography mailing list