[Cryptography] Is Ron right on randomness

Ray Dillinger bear at sonic.net
Tue Nov 29 22:27:20 EST 2016

On 11/26/2016 06:38 AM, Salz, Rich wrote:

> Meanwhile, back in the real world...  What should OpenSSL do, given the wide number of platforms and huge uninformed community that depends on it, do?

Check the ioctl() to ensure that a read of /dev/random wouldn't block,
and then read from /dev/urandom.

The ioctl() makes sure that the pool is properly initialized.  The
urandom read can be performed by as many processes as need it, as fast
as it's needed, without causing a block.

Remember that once the pool has its ~4k "real" bits of randomness, you
don't need to worry, at all, about how much or how often you read from

If the ioctl() reveals that /dev/random will in fact block, then
either read /dev/random (ie, deliberately block waiting for the pool to
be initialized) for your bits, or bail with an error message.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161129/1053cd22/attachment.sig>

More information about the cryptography mailing list