On Sun, Jul 21, 2019 at 09:13:48PM +0000, paul.kon...@dell.com wrote:
> 
> 
> > On Jul 21, 2019, at 5:03 PM, Joerg Sonnenberger <jo...@bec.de> wrote:
> > 
> > 
> > [EXTERNAL EMAIL] 
> > 
> > On Sun, Jul 21, 2019 at 08:50:30PM +0000, paul.kon...@dell.com wrote:
> >> /dev/urandom is equivalent to /dev/random if there is adequate entropy,
> >> but it will also deliver random numbers not suitable for cryptography 
> >> before that time.
> > 
> > This is somewhat misleading. The problem is that with an unknown entropy
> > state, the system cannot ensure that an attacker couldn't predict the
> > seed used for the /dev/urandom stream. That doesn't mean that the stream
> > itself is bad. It will still pass any statistical test etc.
> 
> That's exactly my point.  If you're interested in a statistically high
> quality pseudo-random bit stream, /dev/urandom is a great source.  But
> if you need a cryptographically strong random number, then you can't
> safely proceed with an unknown entropy state for the reason you stated,
> which translates into "you must use /dev/random".

That distinction makes no sense at all to me. /dev/urandom is *always* a
cryptographically strong RNG. The only difference here is that without
enough entropy during initialisation of the stream, you can brute force
the entropy state and see if you get a matching output stream based on
that seed.

Joerg
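The point Joerg makes above (a stream that passes every statistical test while still being recoverable by enumerating a small seed space) is easy to see with a toy model. The following is an added example, not code from this thread or from any kernel RNG: it uses SHA-256 in counter mode as a stand-in generator (the real /dev/urandom construction differs), a constructed 16-bit seed representing "not enough entropy at initialisation", and a crude monobit check as the statistical test.

```python
import hashlib
import struct
from typing import Optional

# Constructed for the demonstration: a 16-bit seed space stands in for a
# generator that was started with far less entropy than its state size.
WEAK_SEED_BITS = 16


def drbg_stream(seed: int, nbytes: int) -> bytes:
    """Toy deterministic generator: SHA-256 over (seed || counter), concatenated.

    This is a stand-in for a kernel CSPRNG, not its actual construction; the
    property it shares with the real thing is that the whole output stream is
    a function of the initial seed.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(32, "big") + struct.pack(">Q", counter)
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_ratio(stream: bytes) -> float:
    """Fraction of set bits; a crude statistical check that a predictable
    stream still passes, since the hash output looks uniform regardless of
    how little entropy went into the seed."""
    ones = sum(bin(b).count("1") for b in stream)
    return ones / (8 * len(stream))


def recover_seed(observed: bytes, seed_bits: int) -> Optional[int]:
    """Enumerate every seed in a seed_bits-wide space and return the one whose
    stream reproduces the observed prefix, or None if the true seed lies
    outside that space. Cost is 2**seed_bits generator runs, which is why the
    seed's entropy, not the stream's statistics, decides predictability."""
    for candidate in range(1 << seed_bits):
        if drbg_stream(candidate, len(observed)) == observed:
            return candidate
    return None


def demo() -> dict:
    """Run the comparison and return the results for inspection."""
    true_seed = 0xBEEF  # constructed weak seed, well inside the 16-bit space
    observed = drbg_stream(true_seed, 32)  # 32 bytes an observer might see
    return {
        "monobit_ratio": monobit_ratio(drbg_stream(true_seed, 4096)),
        "recovered_seed": recover_seed(observed, WEAK_SEED_BITS),
        "seed_space_size": 1 << WEAK_SEED_BITS,
    }


if __name__ == "__main__":
    result = demo()
    print("monobit ratio of the stream : %.4f (0.5 is ideal)" % result["monobit_ratio"])
    print("seed space searched         : %d candidates" % result["seed_space_size"])
    print("seed recovered from output  : %s" % hex(result["recovered_seed"]))
```

The statistical check is indifferent to how the seed was chosen, so it cannot tell a well-seeded stream from a poorly seeded one; only the size of the space an observer has to search does. With a 256-bit seed the same `recover_seed` loop is infeasible, which is the whole content of "enough entropy during initialisation".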
