On the safety of Linux random numbers
Posted May 11, 2006 9:49 UTC (Thu) by zooko
Parent article: On the safety of Linux random numbers
It's an unfortunate myth that /dev/random provides "true" randomness and /dev/urandom provides "pseudorandomness". A more accurate summary would be that they both provide pseudorandomness, but that /dev/random attempts to be safer by blocking when the amount of pseudorandomness that it would output would be greater than (some complicated and poorly understood magic estimate of) the amount of randomness that has been fed in.
In practice the blocking behavior of /dev/random causes more problems -- including more security problems -- than the unlimited output of /dev/urandom causes.
If it weren't for an unfortunate security flaw in /dev/urandom (concerning initialization during system startup), then there would be no good reason for anyone to use /dev/random.
to post comments)