[Cryptography] Dieharder & /dev/urandom

Michel Arboi michel.arboi at gmail.com
Wed May 15 08:12:10 EDT 2019


Le mer. 15 mai 2019 à 01:36, John Kelsey <crypto.jmk at gmail.com> a écrit :

> /dev/urandom is giving you cryptographically processed bits, so I’m like 99.99% sure what you’re seeing is that you ran lots of tests each with a small probability of giving a false positive, and a couple false positives happened.

I never get that with random, or with a much lower probability than
urandom. That's odd.


> The practical issue with /dev/urandom is that it’s never allowed to block, so in some extreme circumstances you could be getting output bits even though the system hasn’t managed to collect any entropy.  This was apparently behind the finding a few years back of a bunch of appliance routers and firewalls whose RSA keys shared primes.  (This demonstrates a disastrous lack of entropy!)  Note that the statistics of those systems’ /dev/urandom outputs would have been fine if checked—the problem was only visible when you looked at many different machines’ outputs.

I'm doing all these tests on computers that have been up and running
for days. Moreover, one of them has a OneRNG hardware key. This does
not change anything in the results.
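The multiple-testing point raised in the quoted reply (a battery of tests, each with a small false-positive rate, will produce some WEAK or FAILED results even on ideal input) can be checked numerically. The script below is an added example, not code from this thread or from the Dieharder project. It assumes Dieharder's documented default assessment thresholds (WEAK outside [0.005, 0.995], FAILED outside [1e-6, 1 - 1e-6]), assumes a battery of about 114 p-values for a full `dieharder -a` run (use the count from your own report), and the report lines it parses are constructed to imitate Dieharder's pipe-separated output, not real measurements.

```python
"""Is the number of WEAK/FAILED results in a Dieharder report explained by chance?

Added example; not from the mailing-list thread or the Dieharder project.
Assumptions (labelled): Dieharder's default thresholds below, an assumed
battery size of 114 p-values, and a constructed sample report.
"""
from math import comb
import random

# Assumed Dieharder default assessment thresholds (two-sided).
WEAK_LOW, WEAK_HIGH = 0.005, 0.995        # per-test false-alarm rate 0.01
FAIL_LOW, FAIL_HIGH = 1e-6, 1 - 1e-6      # per-test false-alarm rate 2e-6
WEAK_ALPHA = 0.01
FAIL_ALPHA = 2e-6
ASSUMED_BATTERY_SIZE = 114                # assumed size of a full "dieharder -a" run

# Constructed sample in Dieharder's report layout (not a real run).
SAMPLE_REPORT = """\
        test_name   |ntup| tsamples |psamples|  p-value |Assessment
  diehard_birthdays|   0|       100|     100|0.71326841|  PASSED
     diehard_operm5|   0|   1000000|     100|0.00371905|   WEAK
 diehard_rank_32x32|   0|     40000|     100|0.42071195|  PASSED
   diehard_rank_6x8|   0|    100000|     100|0.93119954|  PASSED
      diehard_bitstream|   0|   2097152|     100|0.18250663|  PASSED
"""


def classify(p):
    """Assessment a single p-value would receive under the assumed thresholds."""
    if p < FAIL_LOW or p > FAIL_HIGH:
        return "FAILED"
    if p < WEAK_LOW or p > WEAK_HIGH:
        return "WEAK"
    return "PASSED"


def prob_at_least_one(alpha, n):
    """P(at least one of n independent tests is flagged) at per-test rate alpha."""
    return 1 - (1 - alpha) ** n


def prob_at_least_k(alpha, n, k):
    """Binomial upper tail P(X >= k) for X ~ Bin(n, alpha): chance of seeing k or more flags."""
    return sum(comb(n, i) * alpha ** i * (1 - alpha) ** (n - i) for i in range(k, n + 1))


def parse_report(text):
    """Extract (test_name, p_value, assessment) from Dieharder-style table rows."""
    rows = []
    for line in text.splitlines():
        parts = [f.strip() for f in line.split("|")]
        if len(parts) != 6:          # banner / separator lines
            continue
        try:
            p = float(parts[4])
        except ValueError:           # the column-header row
            continue
        rows.append((parts[0], p, parts[5]))
    return rows


def summarize(rows):
    """Count flags and compute how surprising they are for a perfect source."""
    n = len(rows)
    weak = sum(1 for _, _, a in rows if a == "WEAK")
    failed = sum(1 for _, _, a in rows if a == "FAILED")
    return {
        "tests": n,
        "weak": weak,
        "failed": failed,
        "expected_weak": n * WEAK_ALPHA,
        "p_weak_or_more": prob_at_least_k(WEAK_ALPHA, n, weak),
        "p_failed_or_more": prob_at_least_k(FAIL_ALPHA, n, failed),
    }


def simulate_mean_weak(n_tests, trials, seed):
    """Feed ideal uniform p-values through classify() and average the WEAK count per run."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        total += sum(1 for _ in range(n_tests) if classify(rng.random()) == "WEAK")
    return total / trials


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
    print("P(>=1 WEAK in full battery):", prob_at_least_one(WEAK_ALPHA, ASSUMED_BATTERY_SIZE))
    print("P(>=2 WEAK in full battery):", prob_at_least_k(WEAK_ALPHA, ASSUMED_BATTERY_SIZE, 2))
    print("simulated mean WEAK per ideal run:", simulate_mean_weak(ASSUMED_BATTERY_SIZE, 2000, 1))
```

Under these assumptions a perfect source produces at least one WEAK in roughly two runs out of three and two or more in about one run in three, so a couple of WEAK lines in a single report is not evidence against the source; a FAILED result (p < 1e-6) or a WEAK verdict that persists for the same test across re-runs with fresh input is what merits investigation.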

