[cryptography] urandom vs random
ben at links.org
Sat Aug 17 07:46:06 EDT 2013
On 17 August 2013 06:01, ianG <iang at iang.org> wrote:
> On 17/08/13 10:57 AM, Peter Gutmann wrote:
>> Nico Williams <nico at cryptonector.com> writes:
>>> It might be useful to think of what a good API would be.
>> The problem isn't the API, it's the fact that you've got two mutually
>> exclusive requirements, the security geeks want the (P)RNG to block until
>> enough entropy is available, everyone else wants execution to continue
>> without being blocked. In other words a failure of security is preferred to a
>> failure of functionality. Until you resolve that conflict, no API (re)design is
>> going to help you.
> (not answering the posts specifically but) the rule of thumb I've always
> used is this:
> If you don't care so much about security then use the tools that are
> provided, and suffer an occasional glitch. Don't worry too much about the
> glitches coz your business already told you, you don't care too much about
> the security / randomness. All those cypherpunkian arguments can go to
> hell, you've got customers to care for.
> OTOH, if you care a lot, then you have to write your own. The design is
> now very well established. Many sources -> mixer/pool -> deterministic
> PRNG. It's really not that hard, this is an intern level project, folks.
> In result, if you care enough to argue about random v. urandom then you
> already put yourself in the second camp, and your problem is solved. Just
> use urandom and collect some other sources yourself. You no longer care.
That's terrible advice. Implementing your own crypto of any sort widely leads
to complete fail, as we see repeatedly.
Also, if there are other sources, why are they not being fed in to the
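The conflict Gutmann describes above (block until the kernel pool is seeded versus keep running at all costs) is a policy decision the caller has to make explicitly. The following is an added example, not code from any participant in this thread, showing one way to surface that decision in Python using the getrandom(2) wrapper in the standard library. The `Policy` names, the `PoolNotSeeded` exception and the fallback behaviour on platforms without `os.getrandom` are assumptions of this example, not anything the posts specify.

```python
import os
from enum import Enum


class Policy(Enum):
    """How to behave when the kernel's entropy pool has not yet been seeded."""
    WAIT = "wait"                # "security camp": block until the pool is seeded
    FAIL = "fail"                # refuse to continue rather than use an unseeded pool
    BEST_EFFORT = "best_effort"  # "availability camp": take whatever is available now


class PoolNotSeeded(RuntimeError):
    """Raised under Policy.FAIL when the kernel reports the pool is not ready."""


def random_bytes(n: int, policy: Policy = Policy.WAIT) -> bytes:
    """Return n bytes from the kernel CSPRNG according to the chosen policy.

    On Linux, os.getrandom() with GRND_NONBLOCK raises BlockingIOError while the
    pool is still unseeded (typically only early at boot); without the flag it
    blocks until seeding has happened. On platforms without getrandom(2) the
    only interface is os.urandom(), which this example uses as a fallback
    (an assumption of the example, not a claim about any particular OS).
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    if n == 0:
        return b""

    if not hasattr(os, "getrandom"):
        return os.urandom(n)

    # WAIT means "block until seeded"; the other two policies ask the kernel
    # not to block so that we can decide what to do ourselves.
    flags = 0 if policy is Policy.WAIT else os.GRND_NONBLOCK

    out = bytearray()
    while len(out) < n:
        try:
            # getrandom() may legitimately return fewer bytes than requested
            # (e.g. when interrupted), so accumulate until we have enough.
            chunk = os.getrandom(n - len(out), flags)
        except BlockingIOError:
            if policy is Policy.FAIL:
                raise PoolNotSeeded(
                    "kernel entropy pool not yet seeded; refusing to proceed"
                ) from None
            # BEST_EFFORT: fall through to the non-blocking device. This is
            # exactly the "failure of security over failure of functionality"
            # trade-off; the caller opted into it explicitly.
            return bytes(out) + os.urandom(n - len(out))
        if not chunk:
            raise RuntimeError("getrandom returned no data")
        out.extend(chunk)
    return bytes(out)


if __name__ == "__main__":
    # Typical application use: block until the pool is seeded (the default).
    key = random_bytes(32)
    print(key.hex())
    # A service that must not start with weak keys would use Policy.FAIL
    # and let process supervision retry once the pool is ready.
```

The point of routing every caller through one function is that the choice between the two camps becomes a visible, reviewable parameter rather than an accident of which device file happened to be opened. For everyday key and token generation the standard `secrets` module is the right call; the explicit policy only matters for code that may run before the pool is seeded.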