Myths About /dev/urandom

by
in code on (#3FC)
The differences between /dev/random and /dev/urandom have spawned some misconceptions. This article attempts to explain some of the myths surrounding this perplexing random number device.

Also of interest is a report on weak entropy in key generation, especially during bootup, and another report on the aftermath of Debian's recent OpenSSL vulnerability.

Re: Waiting for entropy (Score: 3, Informative)

by mclearn@pipedot.org on 2014-03-10 13:51 (#CB)

I should say that this is the danger of /dev/urandom rather than /dev/random. Non-blocking behaviour assumes nothing about the entropy in the pool and therefore while the underlying PRNG algorithm may be the same as /dev/random, the output will still potentially be weak even though the output might look random.

Here's a concrete example I like to use:

Say you have a DRBG/PRNG that has the following algorithm: starting at num=1 emit byte streams from sha1hash(num). Then increment to the next number and repeat. The resulting output stream will be indecipherable from random noise because sha1 is cryptographically strong. But the seed material is incredibly weak. (The algorithm is not really an issue in this case because it's just a deterministic algo with a hash conditioning function.)
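
The generator described in the comment above, as an added example that is not part of the original post: it shows the stream passing two simple statistical checks while the seed is recovered by plain enumeration. The ASCII-decimal encoding of `num`, the helper names, and the start value 4242 are assumptions made for illustration.

```python
import hashlib
from collections import Counter
from math import log2

def weak_stream(nbytes, start=1):
    """The comment's generator: SHA-1(num), SHA-1(num+1), ... concatenated.
    Encoding num as ASCII decimal is an assumption; the comment gives none."""
    out = bytearray()
    num = start
    while len(out) < nbytes:
        out += hashlib.sha1(str(num).encode("ascii")).digest()
        num += 1
    return bytes(out[:nbytes])

def byte_entropy(data):
    """Empirical Shannon entropy in bits per byte; 8.0 means a flat histogram."""
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())

def ones_fraction(data):
    """Fraction of 1 bits (monobit check); about 0.5 for random-looking data."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def recover_start(observed, max_start=1 << 16):
    """Enumerate every possible seed; feasible because the seed space is tiny."""
    for start in range(1, max_start + 1):
        if weak_stream(len(observed), start) == observed:
            return start
    return None

if __name__ == "__main__":
    sample = weak_stream(1 << 16)
    print(f"bits/byte: {byte_entropy(sample):.4f}")
    print(f"ones fraction: {ones_fraction(sample):.4f}")
    # Constructed scenario: a second party sees 40 output bytes, nothing else.
    observed = weak_stream(40, start=4242)
    start = recover_start(observed)
    print("recovered start:", start)
    # With the start known, the next block of output is reproduced exactly.
    print("predicts next 20 bytes:",
          weak_stream(60, start)[40:] == hashlib.sha1(b"4244").digest())
```

The histogram and bit-balance figures measure only how the output looks; the entropy that matters is that of the seed, which here is at most 16 bits.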