See comments below.
On 2/18/2012 8:02 AM, Edward Ned Harvey wrote:
> From: David Jacobson [mailto:dmjacob...@sbcglobal.net]
> Sent: Friday, February 17, 2012 3:33 PM
>
> > Here is how /dev/urandom works on the systems I've looked at. (More
> > specifically, I'm looking at Ubuntu, but I've also looked at Solaris.)
> > /dev/urandom has some pool of information (commonly called entropy). At
> > [snip]
>
> I'm trying to find a way to ensure sufficient entropy at the time of key
> generation.
> The openssl documentation says they use urandom. But the kernel man page
> says you shouldn't use urandom for this key generation.

You can read a very good, but dated, paper on /dev/random and
/dev/urandom at
http://www.pinkas.net/PAPERS/gpr06.pdf
You will see that /dev/urandom does get real entropy, and, as I said,
entropy is saved across shutdown and reboot, so that even right after
boot (assuming that the file is secure), the entropy is good.
As I said in my previous posting, VMs have difficulties, particularly
right after cloning. The main problem with cloning is that, unless
special procedures are followed, all the clones will have the same
/var/lib/urandom/random-seed file. Furthermore, in a VM many drivers
are virtualized, and the assumptions that went into using the associated
device as an entropy source may not be valid.
There are a few cases where you might want to use /dev/random, but they
are pretty few. And I've heard that on some systems, /dev/random is
just a symbolic link to /dev/urandom.
Bottom line, I think /dev/urandom is fine as a source of entropy as long
as you are not on a virtual machine and the machine has not been
compromised. (Well, this also assumes a good implementation. We all
know about the Debian bug a few years ago.)
--David Jacobson
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
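
Added example, not part of the original message and not OpenSSL or kernel code: a toy model of the cloning problem described in the reply above, showing that clones booted from the same saved seed file with identical virtualized device timings derive the same first key, plus a check that groups hosts with byte-identical seed files. `ToyPool`, the event strings and the host names are constructed assumptions; the hash-based pool is a stand-in, not how /dev/urandom is implemented.

```python
import hashlib
from collections import defaultdict


class ToyPool:
    """Hash-based stand-in for an entropy pool (not the kernel's algorithm)."""

    def __init__(self, seed: bytes = b""):
        self.state = hashlib.sha256(b"init" + seed).digest()

    def mix(self, event: bytes) -> None:
        # Fold an input event (e.g. a device timing) into the pool state.
        self.state = hashlib.sha256(self.state + event).digest()

    def read(self, n: int) -> bytes:
        # Derive output, then ratchet the state so later reads differ.
        out, counter = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.state + counter.to_bytes(4, "big")).digest()
            counter += 1
        self.state = hashlib.sha256(self.state + b"ratchet").digest()
        return out[:n]


def first_key_after_boot(seed_file: bytes, boot_events: list) -> bytes:
    """Key material a freshly booted machine would draw from the pool."""
    pool = ToyPool(seed_file)
    for event in boot_events:
        pool.mix(event)
    return pool.read(32)


def hosts_sharing_seed(seed_files: dict) -> list:
    """Group hosts whose saved seed files are byte-identical."""
    groups = defaultdict(list)
    for host, seed in seed_files.items():
        groups[hashlib.sha256(seed).hexdigest()].append(host)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data: a template VM saves a seed at shutdown, then is cloned.
TEMPLATE_SEED = ToyPool(b"constructed-install-time-input").read(512)
VIRTUAL_TIMINGS = [b"irq:100", b"irq:200"]  # identical in every clone (assumed)

key_a = first_key_after_boot(TEMPLATE_SEED, VIRTUAL_TIMINGS)
key_b = first_key_after_boot(TEMPLATE_SEED, VIRTUAL_TIMINGS)
key_c = first_key_after_boot(TEMPLATE_SEED, VIRTUAL_TIMINGS + [b"per-clone-input"])

if __name__ == "__main__":
    print("clone A == clone B:", key_a == key_b)
    print("clone A == clone C:", key_a == key_c)
```
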