Holes in the Linux random number generator?
Posted May 27, 2006 13:22 UTC (Sat) by kleptog
In reply to: Holes in the Linux random number generator?
Parent article: Holes in the Linux random number generator?
There's a lot of confusion about the difference between /dev/random and /dev/urandom. This also partly because the definitions vary across different systems.
For example, at one point libgcrypt might read a few KB of data from /dev/urandom to initialise its internal PRNG. After all, /dev/urandom is not really random so we'll just take as much as we can. On Linux ofcourse this breaks terribly because anything using /dev/random will now be without entropy. Other systems apparently run /dev/random and /dev/urandom from seperate pools, so it's not a big problem.
I think what really needs to happen is that people *think* about how much randomness they really need, given it is a somewhat scare resource. Using a few KB of entropy to seed a PRNG that only a few bytes of random data are going to be generated from is silly, you may as well read those bytes directly from the random device and save yourself a lot of effort.
to post comments)