[Cryptography] [FORGED] Re: OpenSSL and random

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Nov 29 04:44:25 EST 2016

Bill Cox <waywardgeek at gmail.com> writes:

>"A read from the /dev/urandom device will not block waiting for more entropy.
>As a result,  if  there is  not sufficient entropy in the entropy pool, the
>returned values are theoretically vulnerable to a cryptographic attack on the
>algorithms used by the driver."

That's taking a very narrow view of the world.  If you step back a bit from
the hardcore-crypto-geek perspective and adopt a more general view,
/dev/random would need a warning:

"A read from the /dev/urandom device will block waiting for more entropy. This
means your application will appear to hang/crash at random intervals, leading
to hard-to-diagnose faults, customer complaints, loss of business, and, if
you're really unlucky, lawsuits".

So you've got a table that looks roughly like this:

  Geek                                     Normal human
  ----                                     ------------
  App.blocks waiting for entropy           App doesn't work
  App doesn't block on entropy             App works

>From which the conclusion is obvious: Don't ever stop waiting for entropy to


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161129/40b4ccaf/attachment.html>

More information about the cryptography mailing list