[Cryptography] Random numbers only once

Watson Ladd watsonbladd at gmail.com
Tue Feb 4 19:59:37 EST 2014

On Tue, Feb 4, 2014 at 4:55 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> On Tue, Feb 4, 2014 at 2:19 AM, Tony Arcieri <bascule at gmail.com> wrote:
>> On Mon, Feb 3, 2014 at 9:12 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
>>> Why does /dev/random not do this and so avoid blocking after startup?
>> The /dev/random vs /dev/urandom distinction is probably a mistake. Also,
>> making these things files in /dev is probably a mistake. Ideally there
>> would just be a system call to obtain some randomness from the kernel, then
>> an awful lot of work to ensure that randomness is good. It shouldn't block.
> As far as the interface being /dev/random and /dev/urandom, we are pretty
> much stuck with that. Changing it at this point would require changing
> countless programs. Also, if it were only available via system calls
> rather than through a special file interface, that would mean that scripting
> languages all would have to add explicit support for it. (I suspect that
> this may have been what influenced its original design from the start.)
> Certainly given its present /dev/u?random interface it would be easy enough
> to wrap a userland C API around it which is almost as good and keeps the
> kernel simpler (given that we are stuck with /dev/u?random).
> As for whether or not /dev/random should block, that has already been
> discussed at length here and elsewhere. However, I think most of us
> would concede that blocking is better than returning predictable
> pseudo-random values to the caller.

But that only justifies blocking exactly once after boot.

> -kevin
> --
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
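The interface argued for above (a system call that blocks at most once per boot, until the kernel pool is seeded, and never afterwards) is what Linux later shipped as getrandom(2) in 3.17, a few months after this thread. The example below is added here and is not code from any poster; it is the kind of userland wrapper Kevin mentions, built on the raw syscall so it compiles against older libc headers, with a /dev/urandom fallback for kernels that return ENOSYS. The function names (fill_random, kernel_rng_seeded, raw_getrandom, fill_from_urandom) are this example's own. It assumes Linux; the GRND_NONBLOCK probe distinguishes "seeded, will not block" from "not yet seeded, would block now", which is the one-time block Watson describes.

```c
/*
 * Added example (not from the thread): a small userland wrapper over
 * getrandom(2) that blocks at most once per boot (until the kernel's
 * CRNG is seeded) and never afterwards, falling back to /dev/urandom
 * on kernels that predate the syscall (Linux < 3.17 returns ENOSYS).
 * Function and constant names here are this example's own.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* fail with EAGAIN instead of blocking before seeding */
#endif

/* Raw syscall so the code also builds against headers/libc without getrandom(). */
static long raw_getrandom(void *buf, size_t len, unsigned int flags)
{
#ifdef SYS_getrandom
    return syscall(SYS_getrandom, buf, len, flags);
#else
    (void)buf; (void)len; (void)flags;
    errno = ENOSYS;
    return -1;
#endif
}

/* Fallback: read the non-blocking pool through the classic file interface. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (n == 0) { close(fd); errno = EIO; return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/*
 * Fill buf with len bytes of kernel randomness. With flags == 0,
 * getrandom() blocks only until the CRNG is initialised (once per boot)
 * and then behaves like /dev/urandom, which is the semantics argued
 * for in the thread. Returns 0 on success, -1 with errno set.
 */
int fill_random(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        long n = raw_getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;              /* signal during the one-time block: retry */
            if (errno == ENOSYS)
                return fill_from_urandom(buf + got, len - got); /* old kernel */
            return -1;
        }
        got += (size_t)n;              /* short reads only happen for len > 256 */
    }
    return 0;
}

/*
 * Probe whether the one-time block has already been passed:
 *  1  = CRNG seeded, fill_random() will not block
 *  0  = not yet seeded, fill_random() would block right now
 * -1  = cannot tell (no getrandom syscall on this kernel)
 */
int kernel_rng_seeded(void)
{
    unsigned char b;
    long n = raw_getrandom(&b, 1, GRND_NONBLOCK);
    if (n == 1)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

int main(void)
{
    unsigned char key[32];
    printf("kernel_rng_seeded() = %d\n", kernel_rng_seeded());
    if (fill_random(key, sizeof key) != 0) {
        perror("fill_random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Two caveats a practitioner would want: the EINTR retry matters precisely because the one-time block at early boot can be interrupted by a signal, and the ENOSYS fallback silently gives up the "block until seeded" guarantee on old kernels, so anything that must not run before seeding should check kernel_rng_seeded() and treat -1 as unknown rather than as safe.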
