[cryptography] urandom vs random

yersinia yersinia.spiros at gmail.com
Sat Aug 17 13:21:15 EDT 2013

On Sat, Aug 17, 2013 at 6:39 PM, Sandy Harris <sandyinchina at gmail.com> wrote:

> shawn wilson <ag4ve.us at gmail.com> wrote:
> > I thought that decent crypto programs (openssh, openssl, tls suites)
> > should read from random so they stay secure and don't start generating
> > /insecure/ data when entropy runs low.
> (Talking about Linux, the only system where I know the details)
> urandom uses cryptographically strong mixing (SHA-1) and has
> enormous state, so it should be secure barring pathological
> cases like the router vendors whose version of Linux failed to
> initialise things properly or an enemy who already has root on
> your system so he/she can look at kernel internals. (and that
> enemy has much better targets to go after).

IMHO, I found this article on LWN related to this discussion (
, which describes the developments in recent years in the generation of
random numbers in the Linux kernel. In particular, it discusses the talk
"Don't Play Dice With Random Numbers" by Peter Anvin at LinuxCon Europe
2012 (

"Randomness is a subtle property. To illustrate this, Peter displayed a
photograph of three icosahedral dice that he'd thrown at home, saying
"here, if you need a random number, you can use 846." Why doesn't this
work?, he asked. First of all, a random number is only random once. In
addition, it is only random until we know what it is. These facts are not
the same thing. Peter noted that it is possible to misuse a random number
by reusing it; this can lead to breaches in security protocols."

Best Regards
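The "only random once" point from the talk, as an added example that is not part of the original post or the LWN article: a keystream drawn from the kernel pool (Python's os.urandom, which reads /dev/urandom on Linux) is fine when used once, but as soon as the same bytes are reused the key cancels out of c1 XOR c2 and the two plaintexts' relation is exposed. The messages are constructed sample values.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(length: int) -> bytes:
    """Fresh keystream from the OS CSPRNG (kernel pool; /dev/urandom on Linux)."""
    return os.urandom(length)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time-pad style encryption: secure only if `key` is never reused."""
    return xor_bytes(key, plaintext)


def leak_from_reuse(c1: bytes, c2: bytes) -> bytes:
    """What a passive observer learns when one keystream covered both messages:
    (k ^ p1) ^ (k ^ p2) == p1 ^ p2, i.e. the key drops out entirely."""
    return xor_bytes(c1, c2)


def recover_other(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With the key cancelled, one known (or guessed) plaintext yields the other."""
    return xor_bytes(leak_from_reuse(c1, c2), known_p1)


# Constructed sample messages (same length so the XOR relation is exact).
P1 = b"transfer 100 to account 42"
P2 = b"transfer 900 to account 17"


def demo_reuse() -> bool:
    """Same random bytes used twice: the second use is no longer 'random'."""
    k = keystream(len(P1))
    c1 = encrypt(k, P1)
    c2 = encrypt(k, P2)  # reuse: this is the misuse the talk warns about
    return recover_other(c1, c2, P1) == P2


def demo_fresh() -> bool:
    """Independent keystream per message: c1 ^ c2 is itself uniform and reveals
    nothing about p1 ^ p2 (equality here would be a 2**-208 accident)."""
    c1 = encrypt(keystream(len(P1)), P1)
    c2 = encrypt(keystream(len(P2)), P2)
    return leak_from_reuse(c1, c2) != xor_bytes(P1, P2)
```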