Timeline for Is it wrong to link /dev/random to /dev/urandom on Linux?
Current License: CC BY-SA 3.0
8 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 21, 2016 at 3:20 | comment | added | Dessa Simpson | This is wrong. They use the SAME RNG, but random blocks if it guesses that there's not enough entropy. | |
| Aug 9, 2016 at 19:31 | comment | added | CSM | Note that man 4 urandom states (at least for Kernel 3.16.0) <block> If there is not sufficient entropy in the entropy pool, the returned values are <i>theoretically vulnerable to a crypto‐graphic attack on the algorithms used by the driver</i>. Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an attack may exist. </block> and goes on to say <block><i> As a general rule, /dev/urandom should be used for everything except long-lived GPG/SSL/SSH keys.</i></block> | |
| Feb 13, 2016 at 10:50 | comment | added | WhiteWinterWolf |
@vonbrand: Depending on my degree of paranoia, if I have to choose between a mathematically checked PRNG to generate randomness or a user forced to type a full screen of garbage "asdfghasdfghasdfgh", I would by far choose the software PRNG. I understand your point that a computer is not good at generating randomness, but humans are even worse at it. Nevertheless, to come back to my question, except from the urandom vs. random debate, do you confirm that replacing the /dev/random file by a link should have no other side-effect and be a viable alternative to the rngd trick I mentionned?
|
|
| Feb 12, 2016 at 23:07 | comment | added | vonbrand | @Gilles they are different algorithms and code bases. | |
| Feb 12, 2016 at 22:24 | comment | added | Gilles 'SO- stop being evil' |
If you don't trust /dev/urandom, you have no reason to trust GPG either.
|
|
| Feb 12, 2016 at 22:17 | comment | added | vonbrand | @Gilles that depends on your degree of paranoia. For GPG, everybody is affected by your key (indirectly). | |
| Feb 12, 2016 at 21:52 | comment | added | Gilles 'SO- stop being evil' |
This is wrong. /dev/urandom is fine for cryptography.
|
|
| Feb 12, 2016 at 13:09 | history | answered | vonbrand | CC BY-SA 3.0 |