Re: /dev/random in 2.4.6

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: Sun Aug 19 2001 - 12:27:51 EST


Steve Hill wrote:
>Hmm... Well, ATM I've kludged a fix by using /dev/urandom instead, but
>it's not ideal because it's being used to generate cryptographic keys, and
>urandom isn't cryptographically secure.

I think you may want to check again. /dev/urandom *is* cryptographically
secure, and should be fine to use for generating crypto keys [1].

This seems to be a common point of confusion.

[1] Well, if SHA isn't secure, then /dev/urandom might not be any good.
    But if SHA isn't secure, then the rest of your crypto might not be
    any good either, so you might as well trust /dev/urandom.

    There *is* a subtle difference between the two. When you want
    forward secrecy, /dev/urandom might be insufficient: If your machine
    is broken into, an attacker can learn the state of the pool, and
    then if you kick off the attacker without rebooting or refreshing
    the /dev/urandom pool, the attacker might be able to predict your
    crypto keys for some time after he's lost access to your machine.
    However, I would imagine that in many settings this may not be a
    major concern, and it is easily remedied by rebooting or by
    otherwise re-seeding the /dev/urandom pool.
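The footnote's "subtle difference" is easier to see with a toy model. The block below is an added example, not part of the original message and not the kernel's actual /dev/urandom algorithm: it builds a tiny hash-driven pool (SHA-256 standing in for the "SHA" the post mentions), generates a key from it, lets a second copy of the pool represent an intruder who captured the state, and then shows that mixing fresh entropy into the pool (the "re-seeding" the post recommends) breaks the intruder's ability to reproduce later keys. The `generate_key` helper shows the ordinary, correct way to draw key material from the kernel pool; `os.urandom` uses `getrandom(2)` or `/dev/urandom` depending on platform. Class and function names are the example's own.

```python
import hashlib
import os


class ToyPool:
    """Constructed model of a pool-based CSPRNG: a secret state, outputs
    derived from it with a hash, and a mix-in operation for fresh entropy.
    It is deliberately small; it is not the Linux /dev/urandom design."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"init" + seed).digest()

    def read(self, n: int) -> bytes:
        """Return n pseudorandom bytes, advancing the state after each block."""
        out = bytearray()
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state).digest()
            # Step the state so an output block is never reused.
            self.state = hashlib.sha256(b"step" + self.state).digest()
        return bytes(out[:n])

    def mix(self, fresh: bytes) -> None:
        """Re-seed: fold new entropy into the state (reboot, entropy daemon, ...)."""
        self.state = hashlib.sha256(b"mix" + self.state + fresh).digest()

    def clone(self) -> "ToyPool":
        """A copy with identical state, i.e. what an intruder who read the
        pool state walks away with."""
        other = ToyPool.__new__(ToyPool)
        other.state = self.state
        return other


def state_compromise_demo(seed: bytes, fresh_entropy: bytes) -> tuple:
    """Returns (predicted_before, predicted_after): whether a copy of the pool
    state reproduces the victim's next key before and after re-seeding."""
    victim = ToyPool(seed)
    victim.read(16)                 # some earlier output has already been used
    intruder = victim.clone()       # state captured at this moment

    key_before = victim.read(32)
    predicted_before = intruder.read(32) == key_before  # same state -> same key

    victim.mix(fresh_entropy)       # the remedy the post describes
    key_after = victim.read(32)
    predicted_after = intruder.read(32) == key_after    # states have diverged
    return predicted_before, predicted_after


def generate_key(nbytes: int) -> bytes:
    """Draw key material from the kernel pool via os.urandom, which never
    blocks and is what the post recommends for crypto keys."""
    if nbytes <= 0:
        raise ValueError("key length must be positive")
    key = os.urandom(nbytes)
    if len(key) != nbytes:          # os.urandom guarantees this, but be explicit
        raise RuntimeError("short read from system RNG")
    return key


if __name__ == "__main__":
    # Constructed sample inputs for the demo.
    before, after = state_compromise_demo(b"constructed-seed", b"constructed-fresh-entropy")
    print("predicted next key before re-seed:", before)   # True
    print("predicted next key after  re-seed:", after)    # False
    print("32-byte key from os.urandom:", generate_key(32).hex())
```

The first result is the point of the footnote: with the pool state in hand, an intruder reproduces every key drawn until the state is refreshed. The second shows why re-seeding (or a reboot) is a sufficient remedy; nothing about the hash being weak is involved, only the secrecy of the state.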