
What's the problem?

Posted Feb 16, 2003 23:43 UTC (Sun) by Ross (subscriber, #4065)
In reply to: What's the problem? by Peter
Parent article: Mandrake security update to util-linux

I had read differently on the lkml a few years back. It was stated (IIRC) that /dev/urandom was safe on systems which had very little (or no) entropy gathered as long as:
1) the initial entropy pool contents were unknown to the attacker
2) SHA-1 could not be reversed

I don't see any flaws in the reasoning, but then again I'm not a cryptographer :)

Pseudo-random number generators are often weak cryptographically, but the only inherent weakness is that knowing the internal state at any point in the past will allow you to predict the output at any point in the future (assuming no re-seeding is performed).

Using /dev/random is probably better for generating keys out of paranoia. It is of course possible that someone will find a weakness in SHA.
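The property Ross describes above (knowing a hash-based generator's internal state lets you predict all later output unless new entropy is mixed in) is easy to see on a toy generator. The following is an added illustration, not code from the comment, from LWN, or from the Linux kernel; the generator design, seed bytes and "fresh entropy" are constructed for the example and are not the /dev/urandom algorithm.

```python
"""Toy demonstration of the PRNG property discussed in the comment: a hash-based
generator is predictable by anyone who learns its internal state, unless new
entropy is mixed in afterwards. Illustrative design only, not Linux /dev/urandom;
all seed and entropy bytes are constructed sample values."""
import hashlib


class HashPrng:
    """Generator whose state is advanced through SHA-1 (assumed one-way, as in the comment)."""

    def __init__(self, seed: bytes):
        # The pool contents; their secrecy is condition (1) in the comment.
        self.state = hashlib.sha1(seed).digest()
        self.counter = 0

    @classmethod
    def from_state(cls, state: bytes, counter: int) -> "HashPrng":
        """Rebuild a generator from a leaked (state, counter) snapshot."""
        obj = cls.__new__(cls)
        obj.state = state
        obj.counter = counter
        return obj

    def next_block(self) -> bytes:
        """Emit 20 output bytes, then advance the state one-way."""
        out = hashlib.sha1(self.state + self.counter.to_bytes(8, "big")).digest()
        self.counter += 1
        # Recovering the previous state from output would require inverting SHA-1
        # (condition (2) in the comment).
        self.state = hashlib.sha1(b"step" + self.state).digest()
        return out

    def snapshot(self) -> tuple:
        """What an attacker learns on a state compromise."""
        return (self.state, self.counter)

    def reseed(self, fresh_entropy: bytes) -> None:
        """Mix new entropy into the pool; an old snapshot says nothing about this."""
        self.state = hashlib.sha1(self.state + fresh_entropy).digest()


def predict_after_state_leak(n: int = 4) -> bool:
    """State compromise with no reseeding: a clone built from the leaked
    snapshot predicts every later output block exactly."""
    gen = HashPrng(b"constructed-seed-unknown-to-attacker")
    gen.next_block()                       # some output already consumed
    clone = HashPrng.from_state(*gen.snapshot())   # attacker learns state here
    return all(clone.next_block() == gen.next_block() for _ in range(n))


def reseed_defeats_prediction(n: int = 4) -> bool:
    """Same leak, but fresh entropy is mixed in afterwards: the clone's
    predictions no longer match any real output block."""
    gen = HashPrng(b"constructed-seed-unknown-to-attacker")
    gen.next_block()
    clone = HashPrng.from_state(*gen.snapshot())
    gen.reseed(b"constructed-fresh-entropy")   # e.g. newly gathered timing noise
    predictions = [clone.next_block() for _ in range(n)]
    actual = [gen.next_block() for _ in range(n)]
    return all(p != a for p, a in zip(predictions, actual))


if __name__ == "__main__":
    print("state leak, no reseed -> fully predictable:", predict_after_state_leak())
    print("state leak, then reseed -> unpredictable:  ", reseed_defeats_prediction())
```

The first function is the weakness Ross names: once the pool is known, everything after it is a deterministic function of that pool. The second shows why re-seeding matters, and why the secrecy of the initial pool (condition 1) is doing all the work when little entropy is ever gathered.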



What's the problem?

Posted Feb 19, 2003 8:28 UTC (Wed) by Peter (guest, #1127)

Well, on a scale of people who know anything about cryptographic PRNGs, I rate quite low. (:

I had read differently on the lkml a few years back. It was stated (IIRC) that /dev/urandom was safe on systems which had very little (or no) entropy gathered, so long as:
1) the initial entropy pool contents were unknown to the attacker
2) SHA-1 could not be reversed
I don't see any flaws in the reasoning, but then again I'm not a cryptographer :)

Ditto, squared. It sounds good anyway.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds