[whatwg] Cryptographically strong random numbers
Mark S. Miller
erights at google.com
Wed Feb 16 11:34:34 PST 2011
On Wed, Feb 16, 2011 at 11:31 AM, Mark S. Miller <erights at google.com> wrote:
> On Wed, Feb 16, 2011 at 11:13 AM, David Wagner <daw at cs.berkeley.edu>wrote:
>> Shabsi Walfish wrote (quoting from the urandom(4) man page):
>> > A read from the */dev/urandom* device will not block waiting for more
>> > entropy. As a result, if there is not sufficient entropy in the entropy
>> > pool, the returned values are theoretically vulnerable to a cryptographic
>> > attack on the algorithms used by the driver. Knowledge of how to do
>> > this is not available in the current non-classified literature, but it
>> > is theoretically possible that such an attack may exist. If this is a
>> > concern in your application, use */dev/random* instead.
>> This is total FUD. I've long complained about the fact that this is in
>> the urandom(4) man page, as it leads to widespread misconceptions, but
>> it's never been fixed. I don't want to waste the time of people on this
>> mailing list deconstructing this statement in detail,
> Hi David, please feel free to, or to point at pages where we can read more
> about this specific issue. This issue seems to be the only significant
> remaining controversy here, so more words settling it more decisively would
> be welcome. Thanks.
Sorry. I was reading email non-chronologically this morning. I see that you
have posted much more. If you feel this point is now adequately covered,
please ignore. Thanks.
>> so I'll just say:
>> Please ignore this part of the /dev/urandom man page. It's bogus and
>> not a good source for how to think about crypto-quality randomness.
>> (To share an analogy, the quote above is analogous to saying
>> "SSL is theoretically vulnerable to a cryptographic attack on the
>> algorithms it uses. Knowledge of how to do this is not available in
>> the non-classified literature, but it is theoretically possible that
>> such an attack may exist. If this is a concern in your application,
>> turn off your computer instead.")