The perils of security tools
The Fungi
fungi at yuggoth.org
Wed May 28 10:15:24 EDT 2008
On Wed, May 28, 2008 at 10:34:53AM +0200, Philipp Gühring wrote:
> > it is imperative that wasteful reads of this pseudo-device be
> > avoided at all costs.
>
> Yes. Still, some people are using fopen/fread to access
> /dev/random, which does pre-fetching on most implementations I
> saw, so using open/read is preferred for using /dev/random.
>
> Implementations can be rather easily checked with strace.
Oh, agreed wholeheartedly. I simply meant that *wasteful*
(gratuitous) reads of /dev/random should be avoided. Justifiable,
conservative reads of /dev/random are, of course, why it exists in
the first place!
And fopen/fread is definitely a bad idea in this case for the
reasons you point out. In general, anything which prefetches
potentially excess data in a read from /dev/random is destructive to
the entropy pool.
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi at yuggoth.org); IRC(fungi at irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi at yuggoth.org);
MUD(fungi at katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list