[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Nico Williams nico at cryptonector.com
Fri Oct 18 19:08:34 EDT 2013


On Fri, Oct 18, 2013 at 10:33:14PM +0200, Christoph Anton Mitterer wrote:
> On Fri, 2013-10-18 at 11:54 -0700, John Denker wrote:
> > Blocking /dev/urandom is a bad idea.
>
> Why? If the system is correctly set up, a good seed should be loaded and
> no problem will arise.
> If not, it's better to have failing programs or even a completely broken
> system, than one that does insecure things.

The problem is that many apps expect /dev/urandom never to block.  This
is a severe problem if such an app is invoked early in boot and blocks
the rest of the bootup procedure.  But, then again, that would be a
serious bug, therefore blocking until seeded would be very useful
behavior: it would allow one to find such bugs.

Now, once seeded, /dev/urandom should not block again (apps that use
/dev/urandom should be OK with indefinitely stretched entropy), but it
should get periodically reseeded.

Nico
-- 
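The semantics argued for in this message (block once, until the kernel pool has been seeded; never block again afterwards; make an early-boot consumer of unseeded randomness visible as a bug rather than masking it) are exactly what the later Linux getrandom(2) syscall (Linux 3.17, 2014, after this post) provides with flags 0. The following is an added example, not code from the post or its author: a small C wrapper around that syscall that probes with GRND_NONBLOCK so an unseeded pool is reported, then reads with flags 0. The function names, the `unseeded_hits` counter and the self-test are this example's own inventions; it assumes a Linux kernel and headers that define SYS_getrandom.

```c
/* Added example (not from the original post): read kernel randomness the way
 * the message describes, via Linux getrandom(2): block until the pool has
 * been seeded once, never block afterwards, and make an early-boot
 * "not seeded yet" condition visible instead of silently reading an
 * unseeded /dev/urandom. Assumes Linux >= 3.17 headers (SYS_getrandom). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* value from <linux/random.h> */
#endif

/* Raw syscall so the example does not depend on a glibc that wraps it. */
static long sys_getrandom(void *buf, size_t n, unsigned int flags)
{
#ifdef SYS_getrandom
    return syscall(SYS_getrandom, buf, n, flags);
#else
    (void)buf; (void)n; (void)flags;
    errno = ENOSYS;            /* not Linux, or kernel headers predate 3.17 */
    return -1;
#endif
}

/* Non-blocking probe. Returns 1 if the kernel CRNG is seeded, 0 if it is not
 * yet seeded (EAGAIN: the state an early-boot consumer would hit), and -1 on
 * any other error with errno set. */
int pool_is_seeded(void)
{
    unsigned char probe[1];
    long r;
    do {
        r = sys_getrandom(probe, sizeof probe, GRND_NONBLOCK);
    } while (r < 0 && errno == EINTR);
    if (r == 1) return 1;
    if (r < 0 && errno == EAGAIN) return 0;
    return -1;
}

/* Fill buf with n random bytes. flags 0 (not GRND_RANDOM) gives the semantics
 * argued for in the post: the call blocks only until the pool has been seeded
 * once and never blocks after that; reseeding is the kernel's job.
 * If unseeded_hits is non-NULL it is incremented whenever the probe found the
 * pool unseeded, so a caller run early in boot can log or fail loudly rather
 * than hide the bug. Returns 0 on success, -1 on error (errno set). */
int fill_random(unsigned char *buf, size_t n, int *unseeded_hits)
{
    size_t got = 0;
    int seeded = pool_is_seeded();
    if (seeded < 0) return -1;
    if (seeded == 0) {
        if (unseeded_hits) (*unseeded_hits)++;
        fprintf(stderr, "fill_random: kernel RNG not yet seeded; blocking\n");
    }
    while (got < n) {
        /* May block only before the first seeding; short reads are legal for
         * requests larger than 256 bytes, so loop until n bytes are in. */
        long r = sys_getrandom(buf + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        got += (size_t)r;
    }
    return 0;
}

/* Self-check: two independent 32-byte draws must succeed, differ, and not be
 * all zeros. Returns 0 when all of that holds, a negative code otherwise. */
int random_self_test(void)
{
    unsigned char a[32], b[32], zero[32];
    int hits = 0;
    memset(zero, 0, sizeof zero);
    if (fill_random(a, sizeof a, &hits) != 0) return -1;
    if (fill_random(b, sizeof b, &hits) != 0) return -1;
    if (memcmp(a, b, sizeof a) == 0) return -2;
    if (memcmp(a, zero, sizeof a) == 0 || memcmp(b, zero, sizeof b) == 0) return -3;
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int hits = 0;
    if (fill_random(key, sizeof key, &hits) != 0) {
        perror("fill_random");
        return 1;
    }
    printf("got 32 bytes; pool was unseeded %d time(s) before the call\n", hits);
    return 0;
}
```

The probe is the diagnostic the post says would be useful: on a fully booted machine `pool_is_seeded()` returns 1 and `fill_random()` returns immediately; a service started before the pool is seeded sees the stderr line and a non-zero `unseeded_hits`, which is the bug to go and fix, rather than a silently weak key. Note that reading `/dev/urandom` through the file API has never offered that signal; that is why the wrapper goes through getrandom(2).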