by tzs
4063 days ago
Note: this comment is being written after the correction above concerning the mixup of /dev/random and /dev/urandom.

/dev/urandom is not a mere PRNG. It is a CSPRNG. Once it has been seeded with a good amount of entropy, say, 256 bits, it is safe to use for essentially all cryptographic purposes. That includes making long term SSH, SSL, and OpenPGP keys, and of course also includes making session cookies.

Yes, I know the Linux man page for /dev/random says otherwise. As Dan Bernstein notes, this is "superstitious nonsense" [1]:

    Cryptographers are certainly not responsible for this superstitious nonsense. Think about this for a moment: whoever wrote the /dev/random manual page seems to simultaneously believe that
    (1) we can't figure out how to deterministically expand one 256-bit /dev/random output into an endless stream of unpredictable keys (this is what we need from urandom), but
    (2) we _can_ figure out how to use a single key to safely encrypt many messages (this is what we need from SSL, PGP, etc.).
    For a cryptographer this doesn't even pass the laugh test.

There is almost never a good reason for anyone other than the people who wrote the init scripts for your distribution to read /dev/random on a Linux system. They should read it to get entropy to initialize /dev/urandom, and to periodically reseed /dev/urandom.

[1] http://www.mail-archive.com/cryptography@randombit.net/msg04...
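The point the comment makes, that deterministically expanding one 256-bit seed into an endless stream of keys is the same kind of problem as using one key to encrypt many messages, as an added illustration that is not the commenter's code and not the Linux kernel's /dev/urandom construction: a toy CSPRNG built from HMAC-SHA256 in the HMAC_DRBG / HKDF-Expand style, seeded once, ratcheted after each output, and reseeded by folding in fresh entropy (the class and function names are assumed).

```python
import hashlib
import hmac
import os

# Illustrative CSPRNG: one 256-bit seed, an unbounded key stream, a state
# ratchet after every output, and a reseed hook. Assumed names; this is
# NOT the kernel's actual /dev/urandom algorithm.
class CounterCsprng:
    def __init__(self, seed: bytes) -> None:
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits of entropy")
        # Secret state: a 256-bit HMAC key derived from the seed.
        self._key = hashlib.sha256(seed).digest()
        self._counter = 0

    def _prf(self, label: bytes, data: bytes) -> bytes:
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def reseed(self, fresh_entropy: bytes) -> None:
        # Fold new entropy into the state without discarding the old state;
        # this is the periodic job the comment assigns to the init scripts.
        self._key = self._prf(b"reseed", fresh_entropy)
        self._counter = 0

    def next_key(self, n: int = 32) -> bytes:
        out = b""
        while len(out) < n:
            out += self._prf(b"out", self._counter.to_bytes(8, "big"))
            self._counter += 1
        # Ratchet the state so a later compromise cannot recover earlier keys.
        self._key = self._prf(b"ratchet", b"")
        return out[:n]


def same_seed_same_stream(seed: bytes, count: int) -> bool:
    """Two generators seeded identically must emit identical key sequences."""
    a, b = CounterCsprng(seed), CounterCsprng(seed)
    return all(a.next_key() == b.next_key() for _ in range(count))


if __name__ == "__main__":
    g = CounterCsprng(os.urandom(32))  # the one-time 256-bit seed
    ssh_key_material = g.next_key(64)  # long-term key material
    session_cookie = g.next_key(16)    # short-lived token, same generator
    g.reseed(os.urandom(32))           # periodic reseed with fresh entropy
    print(ssh_key_material.hex(), session_cookie.hex(), sep="\n")
```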