[cryptography] urandom vs random
aaron.toponce at gmail.com
Sun Aug 18 16:53:15 EDT 2013
On Sat, Aug 17, 2013 at 12:24:45AM -0000, D. J. Bernstein wrote:
> I'm not saying that /dev/urandom has a perfect API. It's disappointingly
> common for vendors to deploy devices where the randomness pool has never
> been initialized; BSD /dev/urandom catches this configuration bug by
> blocking, but Linux /dev/urandom (unlike Linux /dev/random) spews
> predictable data, causing (e.g.) the widespread RSA security failures
> documented on http://factorable.net. But fixing this configuration bug
> has nothing to do with the /dev/random superstitions.
That paper is actually a really good read, especially those for Fedora, CentOS,
RHEL, and other RPM-based systems, where SSH is installed by default, and the
boot-time entropy hole is a real concern. But, as the paper mentions, keys
generated late after boot weren't affected, and there were vulnerable keys on
BSD systems generated with arc4random(3).
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o