Alex Bligh - linux-kernel wrote:
>Equally, I do not want want to read /dev/urandom (and not block) which, in
>an absence of entropy, is (arguably) cryptographically weaker (see below).
This doesn't make any sense to me. You're using SSL, so you already
have to trust MD5 and SHA. The only way that /dev/urandom might even
plausibly be in trouble is if those hash functions are broken, but in
this case SSL is in even worse trouble. If you're using the random
numbers for cryptographic purposes, you might as well use /dev/urandom.
Your fears about weaknesses in /dev/urandom seem to completely unfounded.
There is a perfectly good technical solution available, and it is called
/dev/urandom. I hope this reassures you...
>The point is simple: We say to authors of cryptographic applications
>(ssl, ssh etc.) that they should use /dev/random, because /dev/urandom
>is not cryptographically strong enough.
Whoever says this is simply wrong. There are a few isolated scenarios
where /dev/urandom is not sufficient and where /dev/random is needed,
but they are very rare, and they have nothing to do with weaknesses in
/dev/urandom (they have to do with recovering from host compromises,
and they're a second- or third-order concern).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:44 EST