[Cryptography] OpenSSL CSPRNG work
Ron Garret
ron at flownet.com
Wed Jun 28 20:03:00 EDT 2017
On Jun 27, 2017, at 8:40 PM, Ray Dillinger <bear at sonic.net> wrote:
>> Thomas may know what he’s talking about, but his advice is based on some tacit assumptions which may not always be true, and which a reasonable person might choose not to accept.
>
> There is no environment in current use where using /dev/urandom more
> than a minute after bootup will inconvenience any other process in the
> slightest.
So? What does that have anything to do with what I said?
> Refusing to use it in order to avoid a hypothetical problem
> that probably won't even occur on those systems is like a garage
> refusing to use an air wrench to put on wheels because using one
> carelessly might break the wooden spokes of a model-T. Well, that is,
> one of the pre-1934 model-T's that had wooden spokes instead of metal.
Security is all about avoiding hypothetical problems that might never occur. Having an attacker insert a back door into a /dev/urandom driver is not an unreasonable threat model for some people.
rg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170628/f31d2503/attachment.sig>
More information about the cryptography
mailing list