On Fri, Apr 26, 2013 at 08:57:45PM +0100, Ian Collier wrote:
> On Fri, Apr 26, 2013 at 02:17:49PM -0500, Derek Martin wrote:
> > Using /dev/urandom on systems that have it isn't without its own
> > problems... if your system doesn't have enough entropy, reading from
> > /dev/urandom will block until it does.
>
> On systems with a Linux kernel, /dev/urandom does not block but produces
> lower entropy pseudorandom numbers instead. The /dev/random device
> does block, and is used when full entropy is essential.
Sorry, yes, you're correct. It's not just Linux... it's basically every
major Unix variant in production today, though implementations vary.

Also:

http://en.wikipedia.org/wiki//dev/random

  In 2004, Landon Curt Noll, Simon Cooper, and Mel Pleasant tested a
  variety of random number generators, including the /dev/random
  implementations in FreeBSD 5.2.1, Linux 2.4.21-20, Solaris 8 patch
  108528-18, and Mac OS X 10.3.5.[7] They indicated that none of these
  /dev/random implementations were cryptographically secure because
  their outputs had uniformity flaws.

So, using the microsecond-resolution system clock is probably as good,
if not better. Like I said, this is an annoyingly hard problem.

-- 
Derek D. Martin    http://www.pizzashack.org/    GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
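An added example, not part of the thread above: it reads from a random device in non-blocking mode so a caller is never hung if the device does block, and it computes the byte-histogram chi-square statistic, which is the kind of uniformity check the quoted study refers to. It assumes a Linux-style /dev/urandom is present; the device path and sample size are the example's own choices.

```python
import errno
import os


def read_device(path, nbytes):
    """Read up to nbytes from a random device without ever hanging.

    Returns (data, would_block). On Linux /dev/urandom never blocks. On
    older kernels /dev/random in non-blocking mode raises EAGAIN once the
    entropy pool is empty; that case is reported here instead of hanging.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        chunks = []
        got = 0
        while got < nbytes:
            try:
                chunk = os.read(fd, nbytes - got)
            except BlockingIOError:
                # EAGAIN: the device would block; return what we have so far.
                return b"".join(chunks), True
            if not chunk:
                break
            chunks.append(chunk)
            got += len(chunk)
        return b"".join(chunks), False
    finally:
        os.close(fd)


def chi_square_bytes(data):
    """Chi-square statistic of the byte histogram against a uniform
    distribution over 256 values (255 degrees of freedom).

    Output near 255 is consistent with uniform bytes; a source that
    repeats values scores far higher. This is only a first-pass
    sanity check, not a proof of cryptographic quality.
    """
    expected = len(data) / 256.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


if __name__ == "__main__":
    sample, blocked = read_device("/dev/urandom", 65536)
    print("bytes read:", len(sample), "would block:", blocked)
    print("chi-square (expect ~255):", round(chi_square_bytes(sample), 1))
```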