Steve Hill wrote:
>Hmm... Well, ATM I've kludged a fix by using /dev/urandom instead, but
>it's not ideal because it's being used to generate cryptographic keys, and
>urandom isn't cryptographically secure.
I think you may want to check again. /dev/urandom *is* cryptographically
secure, and should be fine to use for generating crypto keys [1].
This seems to be a common point of confusion.
[1] Well, if SHA isn't secure, then /dev/urandom might not be any good.
But if SHA isn't secure, then the rest of your crypto might not be
any good either, so you might as well trust /dev/urandom.
There *is* a subtle difference between the two. When you want
forward secrecy, /dev/urandom might be insufficient: If your machine
is broken into, an attacker can learn the state of the pool, and
then if you kick off the attacker without rebooting or refreshing
the /dev/urandom pool, the attacker might be able to predict your
crypto keys for some time after he's lost access to your machine.
However, I would imagine that in many settings this may not be a
major concern, and it is easily remedied by rebooting or by
otherwise re-seeding the /dev/urandom pool.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:31 EST