[cryptography] urandom vs random
sandyinchina at gmail.com
Sat Aug 17 12:48:12 EDT 2013
On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce <aaron.toponce at gmail.com> wrote:
> The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random
> number generator when the entropy pool has been exhausted.
No, it doesn't, or at least did not last time I looked at the code, a few
months ago. There are similarities, but also large differences.
> It turns out, getting good, high quality, true random, and chaotic data
> into your kernel isn't really at all that difficult. All you need to do, is
> rely on quantum chaos, which is really the only true source for random, as
> much as random can get. Some things people have done:
> * Tuned their radio to atmospheric noise, and fed it into their kernel
> through their sound card.
> * Created reverse PNL junctions, timing electron jumps.
> * Timing radioactive decay using Americium-241, common in everyday
> household smoke detectors.
> * Opening up the CCD on a web camera fully in a completely dark box.
> * Thermal noise from resistors.
> * Clock drift from quartz-based clocks and power fluctuations.
My program to deal with this (which needs more analysis before it
should be entirely trusted) and a paper which discusses it and
several alternatives are at:
> At any event, using /dev/urandom is perfectly secure, as the Yarrow
> algorithm has proven itself over time to withstand practical attacks. So,
> let's dispel the myth that using /dev/urandom is insecure. :)