zeveck Apprentice
Joined: 17 Mar 2005 Posts: 173 Location: Boston, MA
Posted: Sat Oct 15, 2005 10:46 pm Post subject: /dev/random vs. /dev/urandom |
What is the difference?
Is it insecure to use /dev/urandom for deriving an IV? a key? |
RiBBiT Apprentice
Joined: 18 May 2005 Posts: 215 Location: Sweden
pmgas Tux's lil' helper
Joined: 23 Apr 2003 Posts: 97 Location: Austria
Posted: Sat Oct 15, 2005 11:04 pm Post subject: PRNG ... |
Hi
The difference between /dev/random and /dev/urandom is that one of them (I don't know which one) uses a pseudorandom number generator to generate "random" values. The other one uses real random values, collected from process numbers, mouse movement ....
So, if I have the choice, I would pick the one with the real number output, but you can also use the other one, in my opinion. You don't need very much random data for a key or an IV ... Imho good PRNGs are secure enough
hth
peda |
Janne Pikkarainen Veteran
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
Posted: Sun Oct 16, 2005 7:54 am Post subject: |
/dev/random generates real randomness by listening to mouse movements, keyboard activity, network events and all kinds of stuff that's going on in your server. The biggest problem you may see with /dev/random is that especially on a busy server your system may not generate new entropy fast enough, if processes are reading /dev/random a lot. Running out of entropy blocks processes until they get the randomness they wanted. Personally I've seen pop3d of Cyrus IMAPd getting slow and/or stuck because of the kernel running out of entropy. You may check anytime if there's entropy left in your system with cat /proc/sys/kernel/random/entropy_avail.
Some processors and/or motherboards may have a hardware-based random generator, which helps the situation. Also there are other ways to make generating real randomness faster: for example, there is a daemon which listens to sound files you feed to it and generates randomness from your music.
In workstation use /dev/random does not run out very easily, though.
/dev/urandom generates random numbers as well, but they're not "real" randomness. Instead /dev/urandom just pops numbers out of its head, being very fast in that. For most applications /dev/urandom is more than sufficient.
And what if an application really wants to use /dev/random instead of /dev/urandom, and your application gets slow and buggy because of that? No worries! Then you may emerge rng-tools and run rngd (/etc/init.d/rngd start). It then uses /dev/urandom for filling the entropy pool of /dev/random in case there's no HW-generated randomness available.
_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".