>>>>> "Unruh" == Unruh <unruh-spam@physics.ubc.ca> writes:

 >> Use /dev/random, then. The reader of /dev/random is blocked
 >> until the kernel thinks it has collected enough entropy for the
 >> bytes to be returned. /dev/urandom won't block, and hence may
 >> not give the kernel enough time to collect enough entropy.

Unruh> Do NOT use /dev/random for precisely that reason. It is
Unruh> almost always both silly and irresponsible to use
Unruh> /dev/random. It creates programs that block and can
Unruh> completely bring a system to its knees.

Why will using /dev/random bring *the whole system* to its knees? Do you mean programs not using /dev/random at all will be blocked, too?

If an application writer uses /dev/random, he should know what he's doing, and he should expect his program to experience blocking. That's the price he's paying when he wants high-quality, real random numbers. What else can he do if he really wants enough entropy?

Have you ever used GnuPG to generate a new pair of keys? It does use /dev/random, and prints the message "please move your mouse or type on your keyboard to generate some random data" or something like that when it reads from /dev/random. The author knows what he's doing.

Unruh> /dev/urandom is a PRNG which is quite good (Like neither
Unruh> you, or NSA are going to be able to predict the future
Unruh> stream from an arbitrary length of past stream).

Quite good < Excellent. For crypto applications, no.

Unruh> and should always be used unless you really really really
Unruh> know what you are doing. For someone who has to ask what
Unruh> the difference between rand and random, he should
Unruh> definitely use /dev/urandom.

But you should warn him about the potential predictability incurred.

--
Lee Sau Dan 李守敦
E-mail: danlee@informatik.uni-freiburg.de
Home page: http://www.informatik.uni-freiburg.de/~danlee
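The disagreement above is about whether a program may ever stall on /dev/random. The following is an added example, not code from either poster: it reads from the device with O_NONBLOCK so the pool is used when it has data but the program never hangs, and tops up the remainder from os.urandom(), which on current Linux is backed by getrandom() and elsewhere by /dev/urandom. The function names, the fallback policy and the constructed paths are this example's own assumptions. One caveat worth knowing: since Linux 5.6 /dev/random no longer blocks once the pool has been initialised, so on modern kernels the two devices behave alike after boot; the non-blocking read below is harmless there and only matters on older kernels.

```python
"""Read random bytes for key material without letting /dev/random stall.

Added example, not part of the thread. Function names and the
fallback policy (pool first, kernel CSPRNG for the rest) are
assumptions of this example.
"""
import os

# O_NONBLOCK is POSIX-only; on platforms without it we just read normally.
_NONBLOCK = getattr(os, "O_NONBLOCK", 0)


def read_device_bytes(path: str, n: int, nonblocking: bool = True) -> bytes:
    """Return up to n bytes from the device at `path`.

    - Loops over short reads: a single read() on a device may return
      fewer bytes than asked for, and ignoring that yields a short key.
    - With nonblocking=True the device is opened O_NONBLOCK; when it
      would block (BlockingIOError, errno EAGAIN) we return what we have
      so far instead of hanging, which is the failure mode the thread
      argues about.
    - With nonblocking=False the call can block indefinitely on an
      old-kernel /dev/random; that is the caller's explicit choice.
    - A missing device yields b"" rather than an exception so callers
      can fall back.
    Python retries os.read() on EINTR itself, so no loop for that.
    """
    flags = os.O_RDONLY | (_NONBLOCK if nonblocking else 0)
    try:
        fd = os.open(path, flags)
    except FileNotFoundError:
        return b""
    try:
        buf = bytearray()
        while len(buf) < n:
            try:
                chunk = os.read(fd, n - len(buf))
            except BlockingIOError:
                break  # pool below threshold: stop here, do not stall
            if not chunk:
                break  # EOF (e.g. a regular file standing in for the device)
            buf += chunk
        return bytes(buf)
    finally:
        os.close(fd)


def random_bytes(n: int, prefer_blocking_pool: bool = False) -> bytes:
    """Return exactly n random bytes suitable for keys, never stalling.

    os.urandom() is the portable non-blocking source. When
    prefer_blocking_pool is set, whatever /dev/random can give right now
    is taken first (without blocking) and the rest comes from os.urandom().
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    head = read_device_bytes("/dev/random", n) if prefer_blocking_pool else b""
    return head + os.urandom(n - len(head))


if __name__ == "__main__":
    key = random_bytes(32, prefer_blocking_pool=True)
    print(f"got {len(key)} bytes: {key.hex()}")
```

Because `random_bytes` always returns the requested length, callers can use it in place of a raw `open('/dev/random').read(n)`, which is the call that both blocks and silently tolerates short reads.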