[cryptography] urandom vs random

Patrick Mylund Nielsen cryptography at patrickmylund.com
Fri Aug 16 11:47:10 EDT 2013


On Fri, Aug 16, 2013 at 11:42 AM, Tony Arcieri <bascule at gmail.com> wrote:

> On Fri, Aug 16, 2013 at 6:32 AM, shawn wilson <ag4ve.us at gmail.com> wrote:
>
>> I thought that decent crypto programs (openssh, openssl, tls suites)
>> should read from random so they stay secure and don't start generating
>> /insecure/ data when entropy runs low.
>
>
> This presumes that urandom is somehow more "insecure", which is not the
> case despite the ancient scare-language in the manpage. The security of all
> stream ciphers rests in secure CSPRNGs. Meanwhile, /dev/random is not
> robust:
>
> https://cs.nyu.edu/~One of the prdodis/ps/rng.pdf<https://cs.nyu.edu/~dodis/ps/rng.pdf>
>
> --
> Tony Arcieri
>
>
Not for nothing, but that refers to both random and urandom, showing one
problem with the entropy estimation, and another with the pool mixing
function.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130816/725a3a70/attachment.html>


More information about the cryptography mailing list