[cryptography] urandom vs random

Nico Williams nico at cryptonector.com
Fri Aug 16 21:24:10 EDT 2013

On Fri, Aug 16, 2013 at 7:24 PM, D. J. Bernstein <djb at cr.yp.to> wrote:
> I'm not saying that /dev/urandom has a perfect API.  [...]

It might be useful to think of what a good API would be.  I've thought
before that the Unix everything-as-a-file philosophy makes for lame
entropy APIs, and yet it's what we have to work with...

I'd like something like /dev/urandom128 -> min. 128 bits of real
entropy in the pool.

I'd also wish open(2) of AF_LOCAL socket names were the same as a
connect(2) on the same thing, and to block like named pipe opens do
(why on Earth is this not so?  what could possibly break if it were
so?  considering that named pipe opens block... one would think
"nothing could break").  Then we could have each open of /dev/prngN
result in a PRNG octet stream seeded by N bits of real entropy.

(I saw a blog post recently about using AF_LOCAL sockets as PID files.
Making open(2) of them == connect(2) to them would make that an
awesome idea.)
