[openssl-dev] Work on a new RNG for OpenSSL
Dimitry Andric
dimitry at andric.com
Thu Jun 29 11:03:00 UTC 2017
On 29 Jun 2017, at 06:03, Ben Laurie <ben at links.org> wrote:
>
> On 28 June 2017 at 03:41, Theodore Ts'o <tytso at mit.edu> wrote:
> On Wed, Jun 28, 2017 at 11:41:11AM +1000, Peter Waltenberg wrote:
> > And FYI. On systems not backed with hardware RNGs /dev/random is
> > extremely slow. 1-2 bytes/second is a DOS attack on its own without any
> > other effort required.
>
> Please, stop suggesting the use of /dev/random. The right answer is
> /dev/urandom or getrandom(2).
>
> a) On Linux.
>
> b) If it's the right answer, why is there a difference between /dev/random and /dev/urandom?
The Linux random(4) manpage says:

    The /dev/random device is a legacy interface which dates back
    to a time where the cryptographic primitives used in the
    implementation of /dev/urandom were not widely trusted. It will
    return random bytes only within the estimated number of bits of
    fresh noise in the entropy pool, blocking if necessary.
    /dev/random is suitable for applications that need high quality
    randomness, and can afford indeterminate delays.

and:

    Usage
    The /dev/random interface is considered a legacy interface, and
    /dev/urandom is preferred and sufficient in all use cases, with
    the exception of applications which require randomness during
    early boot time; for these applications, getrandom(2) must be
    used instead, because it will block until the entropy pool is
    initialized.

In short, almost everybody should use /dev/urandom, and /dev/random is
kept alive for old programs.
-Dimitry