[cryptography] urandom vs random
bascule at gmail.com
Fri Aug 16 11:42:47 EDT 2013
On Fri, Aug 16, 2013 at 6:32 AM, shawn wilson <ag4ve.us at gmail.com> wrote:
> I thought that decent crypto programs (openssh, openssl, tls suites)
> should read from random so they stay secure and don't start generating
> /insecure/ data when entropy runs low.
This presumes that urandom is somehow more "insecure", which is not the
case despite the ancient scare-language in the manpage. The security of all
stream ciphers rests in secure CSPRNGs. Meanwhile, /dev/random is not
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography