Hi,

Zenaan Harkness wrote:
> AIUI /dev/random is simply the input feed to /dev/urandom [...]

This is what the article by Thomas Huehn
  https://www.2uo.de/myths-about-urandom/
calls a myth, illustrated by diagram
  https://www.2uo.de/myths-about-urandom/structure-no.png

Andy Smith stated in
  https://lists.debian.org/debian-user/2017/08/msg01594.html
that the article is correct.

> if you want security/ secure software, you -must- know the nature of
> your inputs,

I thought that I knew from the man page. But people with probably more
knowledge than me contradict that page.

I wrote:
> > I understand that in this situation there is no difference
> > between /dev/random and /dev/urandom.

> No

So this diagram about the situation before kernel 4.8 is wrong ?
  https://www.2uo.de/myths-about-urandom/structure-yes.png

The new situation as stated in
  https://www.2uo.de/myths-about-urandom/structure-new.png
is a bit more obscure, because it is not clear what exactly happens
inside the "randomness pool". Is it only a buffer ? Does it always grow
when new data arrive ? Or does it merge the new bits into a constant
size pool ?

> > The difference appears only when the assumption of wealth is not
> > fulfilled.

> ... parse fail

"Wealth" = Well filled randomness pool which makes blocking unnecessary.

> don't use /dev/random, use /dev/urandom instead, as designed,

Urm. Your argumentation up to this point was that they differ
significantly.

> and as has been made publicly clear for ~10 years now.

The kernel people won't get us users to change our behavior unless
the man page gets clarified and the experts take the responsibility
to teach us what
  https://www.2uo.de/myths-about-urandom/
tries to teach us.

The current statements look like a lame compromise after some of the
participating experts objected to the flat deprecation of /dev/random
even after the system had a few seconds of collecting erratic events.
But what are these objections and why are they important enough to
cause a statement like
  "Choice of random source
   Unless you are doing long-term key generation (and most likely not
   even then), you probably shouldn't be reading from the /dev/random
   [...]"
in
  http://man7.org/linux/man-pages/man7/random.7.html

The clause "most likely not" puts the whole statement in question
without giving a clue about the proper answer.
Further it implies a vague security difference between both devices.

> Confront the man page!

If only this would give more clarity ... X-|

My current compilation of all info is like this:

/dev/random was originally designed to possibly block, but is now said
not to do this any more in practice.

/dev/urandom was originally designed to hand out lower quality random
if /dev/random would block, but is now said not to do this any more.

Have a nice day :)

Thomas
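
Added example, not part of the mail above: the "wealth" condition discussed in this thread (a seeded pool, so that waiting is unnecessary) can be probed without blocking before key material is read from the urandom source. It assumes Linux and Python 3.6+, and it uses getrandom(2) through os.getrandom, an interface the mail does not mention; the function names are illustrative.

```python
import os

# Linux procfs entropy estimate (assumed present; absent on other systems).
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def pool_is_initialized():
    """True/False for seeded/unseeded kernel pool, None if it cannot be probed."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        # GRND_NONBLOCK: fail with EAGAIN instead of waiting for the first seeding.
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False
    except OSError:
        # For example ENOSYS on a kernel without the getrandom syscall.
        return None


def entropy_estimate():
    """Kernel's entropy estimate in bits, or None if procfs does not offer it."""
    try:
        with open(ENTROPY_AVAIL) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def read_key_material(nbytes):
    """Return nbytes from the urandom source, waiting only for the first seeding."""
    if pool_is_initialized() is None:
        # No usable getrandom(): plain /dev/urandom read, which never waits.
        with open("/dev/urandom", "rb") as fh:
            return fh.read(nbytes)
    buf = b""
    while len(buf) < nbytes:
        # flags=0: blocks until the pool is initialised, never afterwards.
        buf += os.getrandom(nbytes - len(buf))
    return buf


if __name__ == "__main__":
    print("pool initialised:", pool_is_initialized())
    print("entropy estimate:", entropy_estimate())
    print("key:", read_key_material(32).hex())
```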