[cryptography] urandom vs random

Tony Arcieri bascule at gmail.com
Fri Aug 16 11:42:47 EDT 2013


On Fri, Aug 16, 2013 at 6:32 AM, shawn wilson <ag4ve.us at gmail.com> wrote:

> I thought that decent crypto programs (openssh, openssl, tls suites)
> should read from random so they stay secure and don't start generating
> /insecure/ data when entropy runs low.


This presumes that urandom is somehow more "insecure", which is not the
case despite the ancient scare-language in the manpage. The security of all
stream ciphers rests in secure CSPRNGs. Meanwhile, /dev/random is not
robust:

https://cs.nyu.edu/~dodis/ps/rng.pdf

-- 
Tony Arcieri