[cryptography] urandom vs random

Tony Arcieri bascule at gmail.com
Fri Aug 16 15:30:56 EDT 2013


On Fri, Aug 16, 2013 at 9:18 AM, Patrick Mylund Nielsen <cryptography at patrickmylund.com> wrote:

> Yes, but they aren't talking about urandom. Your reply made it sound like
> random is weak, but the paper points to both (as urandom is seeded by
> random), and they propose a new AES-based PRNG that accumulates entropy
> properly.
>

I'm not sure if you feel the same way, but the opinion of many uneducated
observers[1] seems to be that using a PRNG at all in these contexts is
"insecure" when that is absolutely not the case, and for the most part
there isn't a meaningful difference between the security of random vs
urandom except that random will run out of entropy.

The "urandom is insecure" claims are specifically what I was trying to
challenge, and I hope this paper helps drive it home. If "urandom is
insecure" it isn't more so than /dev/random.

[1]:
http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/?comments=1&post=25102733#comment-25102733

-- 
Tony Arcieri
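An added example, not part of Tony's message or the thread, illustrating the one practical difference the message concedes: a reader of /dev/random can be told to wait for entropy, while /dev/urandom always answers. It assumes a Unix system exposing both device nodes; on kernels where /dev/random no longer blocks after boot, both calls simply return data.

```python
import os
from typing import Optional

# Device paths as discussed in the thread (assumed to exist on the host).
RANDOM_DEV = "/dev/random"
URANDOM_DEV = "/dev/urandom"


def read_random_device(path: str, n: int) -> Optional[bytes]:
    """Read n bytes from a random device without blocking.

    Returns the bytes read, or None if the kernel reported that the read
    would block (EAGAIN). That "would block" answer is the "ran out of
    entropy" behaviour attributed to /dev/random; /dev/urandom never gives
    it, which is why a non-blocking read is a safe way to observe the
    difference without hanging the caller.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        out = bytearray()
        while len(out) < n:
            try:
                chunk = os.read(fd, n - len(out))
            except BlockingIOError:
                # Kernel asked us to wait for more entropy: report it
                # instead of spinning or blocking.
                return None
            if not chunk:
                break  # unexpected EOF; return what we have
            out += chunk
        return bytes(out)
    finally:
        os.close(fd)


def entropy_avail() -> Optional[int]:
    """Linux-only estimate of the input pool; None where the file is absent."""
    try:
        with open("/proc/sys/kernel/random/entropy_avail") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    print("entropy_avail:", entropy_avail())
    for dev in (RANDOM_DEV, URANDOM_DEV):
        data = read_random_device(dev, 32)
        print(dev, "would block" if data is None else f"{len(data)} bytes")
```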