[cryptography] urandom vs random

Patrick Mylund Nielsen cryptography at patrickmylund.com
Fri Aug 16 11:47:10 EDT 2013

On Fri, Aug 16, 2013 at 11:42 AM, Tony Arcieri <bascule at gmail.com> wrote:

> On Fri, Aug 16, 2013 at 6:32 AM, shawn wilson <ag4ve.us at gmail.com> wrote:
>> I thought that decent crypto programs (openssh, openssl, tls suites)
>> should read from random so they stay secure and don't start generating
>> /insecure/ data when entropy runs low.
> This presumes that urandom is somehow more "insecure", which is not the
> case despite the ancient scare-language in the manpage. The security of all
> stream ciphers rests in secure CSPRNGs. Meanwhile, /dev/random is not
> robust:
> https://cs.nyu.edu/~dodis/ps/rng.pdf
> --
> Tony Arcieri
Not for nothing, but that refers to both random and urandom, showing one
problem with the entropy estimation, and another with the pool mixing