[Cryptography] Random numbers only once

ianG iang at iang.org
Wed Feb 5 01:48:49 EST 2014


On 4/02/14 10:19 AM, Tony Arcieri wrote:
> On Mon, Feb 3, 2014 at 9:12 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> 
>> Why does /dev/random not do this and so avoid blocking after startup?
>>
> 
> The /dev/random vs /dev/urandom distinction is probably a mistake.


It was a hard lesson to learn I think.  I recall being quite angry when
FreeBSD tied them together, for years even.

Now that hindsight is possible, one can look at the results.  Did
FreeBSD ever find an application that had a genuine need for entropy
rather than unguessable numbers?


> Also
> making these things files in /dev is also probably a mistake. Ideally there
> would just be a system call to obtain some randomness from the kernel, then
> an awful lot of work to ensure that randomness is good. It shouldn't block.


Um, this goes back to the philosophy of Unix system calls, and the
notion that adding system calls for approximately similar things is a
bad idea.  I think calling it a special device / file is actually quite
perfect in that sense, because all one ever does is read and write to it.

iang
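The objection to a device-file interface above is concrete once one has to read from it correctly. The C function below is an added example, not code from this thread or from any of its authors; it assumes a POSIX system with /dev/urandom and shows the checks the file interface forces on every caller (open can fail, the path may not be the device, reads can be short or interrupted). The names fill_random and fills_differ are chosen here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with n bytes from /dev/urandom.  Returns 0 on success, -1 on any
 * failure.  A caller must treat -1 as fatal: falling back to time() or
 * getpid() would quietly produce guessable keys. */
int fill_random(unsigned char *buf, size_t n)
{
    /* open() itself can fail: a chroot or minimal container may have no
     * /dev/urandom at all, a failure mode a kernel system call would not have. */
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);
    if (fd < 0)
        return -1;

    /* Confirm it is really the character device, not a regular file
     * that someone left at that path. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (r <= 0) {           /* read error, or an EOF urandom never gives */
            close(fd);
            return -1;
        }
        got += (size_t)r;       /* short reads are legal: keep reading */
    }
    close(fd);
    return 0;
}

/* Draw two buffers of n bytes (n <= 64) and report whether they differ:
 * a smoke test that the reads happened, not a statistical randomness test. */
int fills_differ(size_t n)
{
    unsigned char a[64], b[64];
    if (n > sizeof a || fill_random(a, n) != 0 || fill_random(b, n) != 0)
        return -1;
    return memcmp(a, b, n) != 0;
}
```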
