[whatwg] Cryptographically strong random numbers

Mark S. Miller erights at google.com
Wed Feb 16 11:34:34 PST 2011


On Wed, Feb 16, 2011 at 11:31 AM, Mark S. Miller <erights at google.com> wrote:

>
>
> On Wed, Feb 16, 2011 at 11:13 AM, David Wagner <daw at cs.berkeley.edu>wrote:
>
>> Shabsi Walfish wrote (quoting from the urandom(4) man page):
>> > A read from the */dev/urandom* device will not block waiting for more
>> > entropy. As a result, if there is not sufficient entropy in the entropy
>> > pool, the returned values are theoretically vulnerable to a cryptographic
>> > attack on the algorithms used by the driver. Knowledge of how to do
>> > this is not available in the current non-classified literature, but it
>> > is theoretically possible that such an attack may exist. If this is a
>> > concern in your application, use */dev/random* instead.
>>
>> This is total FUD.  I've long complained about the fact that this is in
>> the urandom(4) man page, as it leads to widespread misconceptions, but
>> it's never been fixed.  I don't want to waste the time of people on this
>> mailing list deconstructing this statement in detail,
>
>
> Hi David, please feel free to, or to point at pages where we can read more
> about this specific issue. This issue seems to be the only significant
> remaining controversy here, so more words settling it more decisively would
> be welcome. Thanks.
>

Sorry. I was reading email non-chronologically this morning. I see that you
have posted much more. If you feel this point is now adequately covered,
please ignore. Thanks.




>
>> so I'll just say:
>>
>> Please ignore this part of the /dev/urandom man page.  It's bogus and
>> not a good source for how to think about crypto-quality randomness.
>>
>> (To share an analogy, the quote above is analogous to saying
>> "SSL is theoretically vulnerable to a cryptographic attack on the
>> algorithms it uses.  Knowledge of how to do this is not available in
>> the non-classified literature, but it is theoretically possible that
>> such an attack may exist.  If this is a concern in your application,
>> turn off your computer instead.")
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>
>
>
> --
>     Cheers,
>     --MarkM
>



-- 
    Cheers,
    --MarkM