[cryptography] urandom vs random

James A. Donald jamesd at echeque.com
Sat Aug 17 17:14:31 EDT 2013


On 2013-08-17 5:57 PM, Peter Gutmann wrote:
> Nico Williams <nico at cryptonector.com> writes:
>
>> It might be useful to think of what a good API would be.
> The problem isn't the API, it's the fact that you've got two mutually
> exclusive requirements, the security geeks want the (P)RNG to block until
> enough entropy is available, everyone else wants execution to continue without
> being blocked.  In other words a failure of security is preferred to a failure
> of functionality.  Until you resolve that conflict, no API (re)design is going
> to help you.

The security geeks are the only people who want to use these.  If on 
some systems urandom is "fixed" to not block at startup, cannot use it 
portably.
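
Added example, not part of either message: one way an interface can make the block-or-continue choice explicit to the caller, written in Python over Linux getrandom(2) as exposed by os.getrandom. The names seed_bytes, kernel_source, EntropyNotReady and constructed_boot_source are hypothetical, and the boot source is a constructed stand-in so the control flow can be exercised on an already-seeded machine.

```python
import os
import time


class EntropyNotReady(Exception):
    """The kernel pool is not initialised and the caller's policy forbids waiting longer."""


def kernel_source(n):
    # Linux getrandom(2) with GRND_NONBLOCK: raises BlockingIOError until the
    # pool has been initialised once, and does not block after that.
    return os.getrandom(n, os.GRND_NONBLOCK)


def seed_bytes(n, wait_seconds=0.0, source=kernel_source, poll=0.05, sleep=time.sleep):
    """Return n seeded bytes or raise EntropyNotReady; never return unseeded output.

    wait_seconds=0 is the "fail rather than block" policy; a positive value
    is the "block, but only this long" policy.
    """
    out = b""
    waited = 0.0
    while len(out) < n:
        try:
            out += source(n - len(out))  # may be a short read; loop until full
        except BlockingIOError:
            if waited >= wait_seconds:
                raise EntropyNotReady(f"pool not initialised after {waited:.2f}s")
            sleep(poll)
            waited += poll
    return out


def constructed_boot_source(not_ready_calls):
    """Constructed stand-in for a freshly booted machine: the first
    not_ready_calls reads fail the way getrandom does before initialisation."""
    state = {"left": not_ready_calls}

    def source(n):
        if state["left"] > 0:
            state["left"] -= 1
            raise BlockingIOError("entropy pool not initialised")
        return bytes(n)  # placeholder zero bytes; only the control flow matters here

    return source
```

With the default kernel_source, a caller that cannot tolerate blocking gets an exception to handle at startup instead of output from an unseeded generator.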



