Re: Why does reading from /dev/urandom deplete entropy so much?

From: Theodore Tso
Date: Sun Dec 09 2007 - 07:33:33 EST

Next message: Ingo Molnar: "Re: tipc_init(), WARNING: at arch/x86/mm/highmem_32.c:52,[2.6.24-rc4-git5: Reported regressions from 2.6.23]"
Previous message: Michael Tokarev: "clock jumps on dualcore PentiumD with cpufreq"
In reply to: Ismail DÃnmez: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Next in thread: Ismail DÃnmez: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Dec 09, 2007 at 08:21:16AM +0200, Ismail Dönmez wrote:
> My understanding was if you can drain entropy from /dev/urandom any futher
> reads from /dev/urandom will result in data which is not random at all. Is
> that wrong?

Past a certain point /dev/urandom will stat returning results which
are cryptographically random. At that point, you are depending on the
strength of the SHA hash algorithm, and actually being able to not
just to find hash collisions, but being able to trivially find all or
most possible pre-images for a particular SHA hash algorithm. If that
were to happen, it's highly likely that all digital signatures and
openssh would be totally broken.

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: tipc_init(), WARNING: at arch/x86/mm/highmem_32.c:52,[2.6.24-rc4-git5: Reported regressions from 2.6.23]"
Previous message: Michael Tokarev: "clock jumps on dualcore PentiumD with cpufreq"
In reply to: Ismail DÃnmez: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Next in thread: Ismail DÃnmez: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]