[Cryptography] Is Ron right on randomness
Ray Dillinger
bear at sonic.net
Tue Nov 29 22:27:20 EST 2016
On 11/26/2016 06:38 AM, Salz, Rich wrote:
> Meanwhile, back in the real world... What should OpenSSL do, given the wide number of platforms and huge uninformed community that depends on it, do?
Check the ioctl() to ensure that a read of /dev/random wouldn't block,
and then read from /dev/urandom.
The ioctl() makes sure that the pool is properly initialized. The
urandom read can be performed by as many processes as need it, as fast
as it's needed, without causing a block.
Remember that once the pool has its ~4k "real" bits of randomness, you
don't need to worry, at all, about how much or how often you read from
/dev/urandom.
If the ioctl() reveals that /dev/random will in fact block, then
either read /dev/random (ie, deliberately block waiting for the pool to
be initialized) for your bits, or bail with an error message.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161129/1053cd22/attachment.sig>
More information about the cryptography
mailing list