[Cryptography] Fast-key-erasure RNG and fork()ing

Yann Droneaud ydroneaud at opteya.com
Sat Jun 30 06:59:03 EDT 2018


Le vendredi 29 juin 2018 à 00:46 +0200, Yann Ylavic a écrit :
> while "/dev/urandom" never blocks but doesn't guarantee good randoms
> either 

Linux's /dev/urandom is a CSPRNG: it's designed to be cryptographically
strong. If correctly initialized, it guarantees "good randoms".



> (w/o enough entropy, how could it), 

That's one drawback of /dev/urandom versus getrandom(): without
GRND_RANDOM, the syscall might block when called early after kernel
boot, as the underlying CSPRNG will wait for some entropy to be
gathered. Once initialized, it should behave like /dev/urandom.

> not to talk about mostly unusable "/dev/random" for modern needs of
> randoms.

Except for long term keys, one should not need "/dev/random".


Yann Droneaud
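The early-boot behaviour discussed in this message is easy to get wrong in application code, so here is an added example (my own, not code from the post or from either Yann): a Linux-only wrapper around getrandom(2) that loops on EINTR and short reads, and uses GRND_NONBLOCK, the flag that turns the wait-for-seeding into an EAGAIN error, to let the caller tell "kernel CSPRNG not yet initialized" apart from other failures. It falls back to reading /dev/urandom only when the syscall itself is missing (ENOSYS). The function names, the enum and the 32-byte "key" buffers are my own choices for illustration.

```c
/*
 * Added example, not from the mailing-list post: draw bytes from the
 * Linux kernel CSPRNG via getrandom(2), handling EINTR, short reads and
 * the early-boot "not yet seeded" case (EAGAIN under GRND_NONBLOCK).
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* value from <linux/random.h> */
#endif

/* Result codes for fill_random() (names are this example's own). */
enum fill_status {
    FILL_OK = 0,
    FILL_NOT_SEEDED = 1,   /* CSPRNG not initialized yet (EAGAIN) */
    FILL_ERROR = 2         /* any other failure; errno is left set */
};

/* Raw syscall so the example builds on a libc without <sys/random.h>. */
static long sys_getrandom(void *buf, size_t len, unsigned int flags)
{
#ifdef SYS_getrandom
    return syscall(SYS_getrandom, buf, len, flags);
#else
    (void)buf; (void)len; (void)flags;
    errno = ENOSYS;
    return -1;
#endif
}

/* Last resort for kernels without getrandom(2): read /dev/urandom. */
static int read_dev_urandom(uint8_t *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0) {
            if (r == 0) errno = EIO;
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/*
 * Fill buf[0..len) from the kernel CSPRNG.
 * nonblock = 1: pass GRND_NONBLOCK; early in boot, before the pool is
 *   initialized, the call fails with EAGAIN and we report FILL_NOT_SEEDED
 *   instead of blocking, so the caller can decide what to do.
 * nonblock = 0: block until initialized (the safe default for keys).
 */
static enum fill_status fill_random(uint8_t *buf, size_t len, int nonblock)
{
    size_t got = 0;
    unsigned int flags = nonblock ? GRND_NONBLOCK : 0;

    while (got < len) {
        /* getrandom(2) may return fewer bytes than asked (large requests,
         * or a signal after some bytes were copied): loop until full. */
        long r = sys_getrandom(buf + got, len - got, flags);
        if (r < 0) {
            if (errno == EINTR)
                return FILL_ERROR + 0 * 0, (void)0, fill_random(buf + got, len - got, nonblock);
            if (errno == EAGAIN)
                return FILL_NOT_SEEDED;
            if (errno == ENOSYS)
                return read_dev_urandom(buf + got, len - got) == 0
                       ? FILL_OK : FILL_ERROR;
            return FILL_ERROR;
        }
        got += (size_t)r;
    }
    return FILL_OK;
}

/* Returns 1 if two equal-length buffers differ, 0 if identical. */
static int buffers_differ(const uint8_t *a, const uint8_t *b, size_t len)
{
    return memcmp(a, b, len) != 0;
}

int main(void)
{
    uint8_t k1[32], k2[32];   /* constructed sample: two 256-bit keys */
    if (fill_random(k1, sizeof k1, 1) != FILL_OK ||
        fill_random(k2, sizeof k2, 1) != FILL_OK) {
        perror("fill_random");
        return 1;
    }
    printf("two 32-byte keys differ: %s\n",
           buffers_differ(k1, k2, sizeof k1) ? "yes" : "no");
    return 0;
}
```

On a booted system both calls return FILL_OK; the FILL_NOT_SEEDED branch is only reachable in early-boot code (initramfs, early services), which is exactly the situation where a plain read of /dev/urandom would silently hand back output from an unseeded pool. Note that a blocking call (nonblock = 0) is the right choice for long-term key generation; the non-blocking form is for callers that have a sensible way to wait or retry.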
