Holes in the Linux random number generator?
Posted May 26, 2006 16:41 UTC (Fri) by zooko
In reply to: Holes in the Linux random number generator?
Parent article: Holes in the Linux random number generator?
That's a reasonable approach. The problem is that the majority of Linux programmers appear to have the misunderstanding that you ought to use /dev/random when you need "real randomness" (as opposed to "pseudo-randomness") or for "added security". In fact, nearly all of the applications that use /dev/random would be more secure against the kinds of attacks that I mentioned if they used /dev/urandom, and there is no particular reason to believe that they would be more susceptible to cryptanalysis that way.
It's a widespread and persistent myth that /dev/urandom isn't really secure, which is why I get so frustrated when I see it repeated. In fact, just last week our own LWN posted an article that repeated that myth.
I see that it has subsequently been edited so that it no longer contrasts /dev/urandom with /dev/random as "pseudo-random" vs. "true random", but it still contrasts them as "purely algorithmic" vs. "true random", which is still sadly incorrect (they are both algorithmic in the sense of being algorithms that could in principle be cracked by a cryptanalysis, and neither is "pure" in the sense of producing output without entropic input -- excepting perhaps the broken edge case of /dev/urandom producing output during system bootstrapping when it has never been properly seeded -- and /dev/random is not "true random" in the sense of being provably information-theoretically secure).
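As an added example, not code from the comment above or from any project it mentions: a small C helper that draws key material the way the comment recommends, from the non-blocking pool (/dev/urandom) rather than /dev/random, while closing the one edge case the comment concedes, output before the pool has ever been seeded. The helper assumes a Linux system; where getrandom(2) exists (it was added in Linux 3.17, long after this thread) it is called with flags=0, which blocks only until the pool is initialised once and never again, and on older kernels it falls back to reading /dev/urandom with proper short-read and EINTR handling. The function names fill_random, fill_from_urandom and all_zero are ours, not from any library.

```c
/* Added example (not part of the LWN thread): obtain random bytes from the
 * kernel's non-blocking pool, as the comment above recommends, while still
 * refusing to hand out bytes from a never-seeded pool.  Helper names here
 * (fill_random, fill_from_urandom, all_zero) are our own, not a library API. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifdef __linux__
#include <sys/random.h>   /* getrandom(2), Linux 3.17+ */
#endif

/* Fill buf[0..len) from /dev/urandom.  Handles EINTR and short reads.
 * Returns 0 on success, -1 on failure (errno set by open/read). */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (n == 0) {               /* EOF never happens on urandom, but be safe */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Preferred entry point.  getrandom() with flags=0 blocks only until the
 * pool has been seeded once at boot, then behaves like /dev/urandom: it
 * never blocks again, which is exactly the behaviour the comment argues
 * applications should want.  Falls back to /dev/urandom where the syscall
 * is missing (ENOSYS on pre-3.17 kernels, or a non-Linux build). */
int fill_random(unsigned char *buf, size_t len)
{
#ifdef __linux__
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                break;              /* old kernel: use the device node instead */
            return -1;
        }
        got += (size_t)n;
    }
    if (got == len)
        return 0;
#endif
    return fill_from_urandom(buf, len);
}

/* Sanity check used by the demo: an all-zero buffer means nothing was filled. */
int all_zero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char key[32] = {0};
    if (fill_random(key, sizeof key) != 0) {
        perror("fill_random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Compile with `cc -o rnd rnd.c` and run; each invocation prints a fresh 32-byte key. Swapping "/dev/urandom" for "/dev/random" in fill_from_urandom would make the program stall on a quiet machine once the blocking pool's entropy estimate runs low, without making the output any harder to predict, which is the point the comment above makes.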