On Wed, Aug 30, 2017 at 11:47:24AM +1000, Zenaan Harkness wrote:
> They don't. You ought not use /dev/urandom for key generation, use
> /dev/random instead.

The Linux man page disagrees with you. From Debian 9 urandom(4):

    The /dev/random device is a legacy interface which dates back to a
    time where the cryptographic primitives used in the implementation
    of /dev/urandom were not widely trusted. It will return random
    bytes only within the estimated number of bits of fresh noise in
    the entropy pool, blocking if necessary. /dev/random is suitable
    for applications that need high quality randomness, and can afford
    indeterminate delays.

    [...]

  Usage
    The /dev/random interface is considered a legacy interface, and
    /dev/urandom is preferred and sufficient in all use cases, with the
    exception of applications which require randomness during early
    boot time; for these applications, getrandom(2) must be used
    instead, because it will block until the entropy pool is
    initialized.