[cryptography] urandom vs random

Sandy Harris sandyinchina at gmail.com
Sat Aug 17 12:48:12 EDT 2013


On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce <aaron.toponce at gmail.com> wrote:


> The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random
> number generator when the entropy pool has been exhausted.

No, it doesn't, or at least did not last time I looked at the code, a few
months ago. There are similarities, but also large differences.

> It turns out, getting good, high quality, true random, and chaotic data
> into your kernel isn't really at all that difficult. All you need to do, is
> rely on quantum chaos, which is really the only true source for random, as
> much as random can get. Some things people have done:
>
>     * Tuned their radio to atmospheric noise, and fed it into their kernel
>       through their sound card.
>     * Created reverse PNL junctions, timing electron jumps.
>     * Timing radioactive decay using Americium-241, common in everyday
>       household smoke detectors.
>     * Opening up the CCD on a web camera fully in a completely dark box.
>     * Thermal noise from resistors.
>     * Clock drift from quartz-based clocks and power fluctuations.

My program to deal with this (which needs more analysis before it
should be entirely trusted) and a paper which discusses it and
several alternatives are at:
ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/

> At any event, using /dev/urandom is perfectly secure, as the Yarrow
> algorithm has proven itself over time to withstand practical attacks. So,
> let's dispel the myth that using /dev/urandom is insecure. :)

Yes.
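The quoted list describes sampling physical noise sources and feeding the result "into the kernel". As an added illustration of that last step (my own example, not Sandy's maxwell program and not code from the thread), the C program below shows the Linux mechanism for it: the RNDADDENTROPY ioctl on /dev/random, which both mixes caller-supplied bytes into the pool and credits an entropy estimate for them. The sample bytes are constructed, not real measurements, and the one-bit-per-byte credit is an assumption standing in for a real min-entropy estimate of the source.

```c
/* Added example (not from the thread): mix externally sampled noise into the
 * Linux kernel entropy pool via RNDADDENTROPY, crediting entropy conservatively. */
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <fcntl.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/ioctl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY, RNDGETENTCNT */
#else
/* Same layout as the kernel's struct, so the builder compiles elsewhere. */
struct rand_pool_info { int entropy_count; int buf_size; uint32_t buf[]; };
#endif

/* Entropy credit in bits for nbytes of raw samples, assuming at most
 * bits_per_byte of real entropy per byte (an assumption: a real collector
 * derives this from a min-entropy estimate of its source). The kernel
 * trusts whatever the caller credits, so over-crediting is the real risk;
 * never credit more than 8 bits per byte. Returns -1 on overflow. */
int entropy_credit_bits(size_t nbytes, unsigned bits_per_byte) {
    if (bits_per_byte > 8) bits_per_byte = 8;
    if (nbytes > (size_t)INT_MAX / 8) return -1;
    return (int)(nbytes * bits_per_byte);
}

/* Allocate and fill a rand_pool_info: entropy_count is in bits, buf_size in
 * bytes, buf is padded up to whole 32-bit words. Caller frees. */
struct rand_pool_info *build_pool_info(const uint8_t *sample, size_t nbytes,
                                       unsigned bits_per_byte) {
    int credit = entropy_credit_bits(nbytes, bits_per_byte);
    if (nbytes == 0 || credit < 0) return NULL;
    size_t padded = (nbytes + 3) & ~(size_t)3;
    struct rand_pool_info *p = calloc(1, sizeof *p + padded);
    if (!p) return NULL;
    p->entropy_count = credit;
    p->buf_size = (int)nbytes;
    memcpy(p->buf, sample, nbytes);
    return p;
}

/* Mix the sample into the kernel pool with credit. Linux only; needs root
 * (CAP_SYS_ADMIN). A plain write() to /dev/random would mix the bytes in
 * but credit no entropy at all. Returns 0 on success, -1 otherwise. */
int feed_entropy(const uint8_t *sample, size_t nbytes, unsigned bits_per_byte) {
#ifdef __linux__
    struct rand_pool_info *p = build_pool_info(sample, nbytes, bits_per_byte);
    if (!p) return -1;
    int rc = -1;
    int fd = open("/dev/random", O_WRONLY);
    if (fd >= 0) {
        rc = (ioctl(fd, RNDADDENTROPY, p) == 0) ? 0 : -1;
        close(fd);
    }
    free(p);
    return rc;
#else
    (void)sample; (void)nbytes; (void)bits_per_byte;
    return -1;
#endif
}

/* Kernel's own entropy estimate in bits (Linux only), -1 on error. */
int kernel_entropy_estimate(void) {
#ifdef __linux__
    int bits = -1;
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0) return -1;
    if (ioctl(fd, RNDGETENTCNT, &bits) != 0) bits = -1;
    close(fd);
    return bits;
#else
    return -1;
#endif
}

int main(void) {
    /* Constructed sample: stands in for the low bits of 64 ADC readings
     * from a noise source. These are not real measurements. */
    uint8_t sample[64];
    for (size_t i = 0; i < sizeof sample; i++)
        sample[i] = (uint8_t)((i * 73 + 11) & 0xff);

    printf("entropy estimate before: %d bits\n", kernel_entropy_estimate());
    if (feed_entropy(sample, sizeof sample, 1) == 0)
        printf("credited %d bits\n", entropy_credit_bits(sizeof sample, 1));
    else
        fprintf(stderr, "RNDADDENTROPY failed (needs Linux and root)\n");
    printf("entropy estimate after:  %d bits\n", kernel_entropy_estimate());
    return 0;
}
```

Build with `cc -o feed feed.c` and run as root on Linux to see the kernel's estimate rise by the credited amount. The design point is the crediting: the ioctl is the only path that raises the kernel's entropy count, and the kernel does not validate the number it is given, so a collector that credits raw sample bits as full entropy weakens /dev/random's blocking guarantee rather than strengthening it. Conditioning the samples first and crediting well below the raw byte count is the safe default.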

