The perils of security tools
IanG
iang at systemics.com
Sun May 25 12:06:16 EDT 2008
Steven M. Bellovin wrote:
> On Sat, 24 May 2008 20:29:51 +0100
> Ben Laurie <ben at links.org> wrote:
>
>> Of course, we have now persuaded even the most stubborn OS that
>> randomness matters, and most of them make it available, so perhaps
>> this concern is moot.
>>
>> Though I would be interested to know how well they do it! I did have
>> some input into the design for FreeBSD's, so I know it isn't
>> completely awful, but how do other OSes stack up?
>>
> I believe that all open source Unix-like systems have /dev/random
> and /dev/urandom; Solaris does as well.
Yes, but with different semantics:
    /dev/urandom is a compatibility nod to Linux. On Linux, /dev/urandom will produce lower quality output if the entropy pool drains, while /dev/random will prefer to block and wait for additional entropy to be collected. With Yarrow, this choice and distinction is not necessary, and the two devices behave identically. You may use either.

(random(4) from Mac OSX.)
Depending on where you are in the security paranoia
equation, the differences matter little or a lot. If doing
medium level security, it's fine to outsource the critical
components to the OS, and accept any failings. If doing
paranoid-level stuff, then best to implement one's own mix
and just stir in the OS level offering. That way we reduce
the surface area for lower-layer config attacks like the
Debian adventure.
iang
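The "implement one's own mix and stir in the OS level offering" approach above, as an added example that is not part of Ian's post and is not Yarrow: a toy hash-based mixing pool that takes os.urandom as one contribution among several, so that a degraded OS generator (the Debian case, where the OS layer alone produced very few distinct outputs) does not by itself make the result predictable. The class name EntropyMixer, the labels, and the os_source parameter are this example's own choices.

```python
import hashlib
import hmac
import os
import struct
import time


class EntropyMixer:
    """Toy mixing pool (added example, not Yarrow and not production code).

    Every contribution is folded into a 32-byte SHA-256 state; output is
    derived from that state with HMAC.  As long as at least one stirred-in
    source is unpredictable, the output is, regardless of how weak the
    others are.
    """

    def __init__(self, seed: bytes = b"") -> None:
        self.state = hashlib.sha256(b"mixer-init" + seed).digest()
        self.counter = 0

    def stir(self, label: bytes, data: bytes) -> None:
        # Length-prefix label and data so that "ab"+"c" and "a"+"bc"
        # cannot collide into the same pool update.
        record = (struct.pack(">I", len(label)) + label
                  + struct.pack(">I", len(data)) + data)
        self.state = hashlib.sha256(self.state + record).digest()

    def extract(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.state, struct.pack(">Q", self.counter),
                            hashlib.sha256).digest()
        # Ratchet the state forward so that a later compromise of the pool
        # does not let an attacker recompute bytes already handed out.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out[:n]


def mixed_random_bytes(n: int, extra_sources=None, os_source=os.urandom) -> bytes:
    """Stir the OS generator plus local sources into a fresh pool and
    return n bytes.  os_source is injectable so a failed OS RNG can be
    simulated in tests."""
    mixer = EntropyMixer()
    mixer.stir(b"os", os_source(32))                       # the OS offering
    mixer.stir(b"time_ns", struct.pack(">Q", time.time_ns()))
    mixer.stir(b"pid", struct.pack(">I", os.getpid() & 0xFFFFFFFF))
    for label, data in (extra_sources or []):              # caller's own sources
        mixer.stir(label, data)
    return mixer.extract(n)


def degraded_os_still_varies() -> bool:
    """Constructed scenario: the OS source always returns the same bytes
    (a stand-in for a broken seeding bug).  Two calls that differ only in a
    local contribution must still yield different output."""
    broken_os = lambda k: b"\x00" * k
    a = mixed_random_bytes(32, [(b"local", b"request-1")], os_source=broken_os)
    b = mixed_random_bytes(32, [(b"local", b"request-2")], os_source=broken_os)
    return a != b


if __name__ == "__main__":
    print(mixed_random_bytes(16).hex())
    print("degraded OS source still varies:", degraded_os_still_varies())
```

The point of the injectable os_source is the check Ian is after: you can feed the mixer a deliberately constant "OS" value in a test and confirm the rest of the pool still carries the output, which is exactly the property that would have blunted the Debian failure.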
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com