[Cryptography] Random numbers only once

Kevin W. Wall kevin.w.wall at gmail.com
Tue Feb 4 19:55:49 EST 2014

On Tue, Feb 4, 2014 at 2:19 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Mon, Feb 3, 2014 at 9:12 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
>> Why does /dev/random not do this and so avoid blocking after startup?
> The /dev/random vs /dev/urandom distinction is probably a mistake. Also
> making these things files in /dev is also probably a mistake. Ideally there
> would just be a system call to obtain some randomness from the kernel, then
> an awful lot of work to ensure that randomness is good. It shouldn't block.

As far as the interface bing /dev/random and /dev/urandom, we are pretty
much stuck with that. Changing it at this point would require changing
countless programs. Also, if it were only available via system calls
rather than through a special file interface, that would mean that scripting
languages all would have to add explicit support for it. (I suspect that
this may have been what influenced its original design from the start.)

Certainly given its present /dev/u?random interface it would be easy enough
to wrap a userland C API around it which is almost as good and keeps the
kernel simpler (given that we are stuck with /dev/u?random).

As for whether or not /dev/random should block, that has already been
discussed at length here and elsewhere. However, I think most of us
would concede that blocking is better than returning predictable
pseudo-random values to the caller.

Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

More information about the cryptography mailing list