[Cryptography] [FORGED] Re: OpenSSL and random
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Nov 29 04:44:25 EST 2016
Bill Cox <waywardgeek at gmail.com> writes:
>"A read from the /dev/urandom device will not block waiting for more entropy.
>As a result, if there is not sufficient entropy in the entropy pool, the
>returned values are theoretically vulnerable to a cryptographic attack on the
>algorithms used by the driver."
That's taking a very narrow view of the world. If you step back a bit from
the hardcore-crypto-geek perspective and adopt a more general view,
/dev/random would need a warning:
"A read from the /dev/urandom device will block waiting for more entropy. This
means your application will appear to hang/crash at random intervals, leading
to hard-to-diagnose faults, customer complaints, loss of business, and, if
you're really unlucky, lawsuits".
So you've got a table that looks roughly like this:
Geek Normal human
---- ------------
App.blocks waiting for entropy App doesn't work
App doesn't block on entropy App works
>From which the conclusion is obvious: Don't ever stop waiting for entropy to
appear.
Peter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161129/40b4ccaf/attachment.html>
More information about the cryptography
mailing list