On Thu, 20 Aug 2015 22:50:05 +0200, Klaus Hartnegg (<hartn...@gmx.de>) wrote about "Re: [fpc-pascal] quality of FPC random" (in <55d63d7d.6040...@gmx.de>):
> On 14.08.2015 at 15:38, Xiangrong Fang wrote:
>> I need to generate random numbers to be used as IV of block
>> ciphers. My question is: is FPC's built-in PRNG good enough
>> compared to /dev/urandom?
>
> NO!!! For crypto always use /dev/urandom
>
>> On the other hand, /dev/urandom in my impression is fairly slow,
>> how is the speed of Random() compared to that?
>
> Speed is irrelevant, because you do not need many truly random
> numbers for crypto. For crypto always use /dev/urandom

man 4 random

The /dev/urandom device can resort to a PRNG and can, therefore, be
attacked when used for crypto. Consequently, /dev/urandom is *not*
universally suitable for cryptographic purposes.

In contrast, /dev/random is based on the system entropy pool. Its
numbers are genuinely random. The downside is that if the entropy
pool runs low on bytes, read requests will block until the pool is
refilled.

On this machine, I have a hardware random number generator on the
bus control chipset and a daemon process that uses the hardware to
top up the entropy pool when it gets low. I highly recommend such a
set-up.

Failing that, you can use the HAVEGE daemon (Google is your friend)
to top up the entropy pool from other sources, if you don't have a
hardware RNG.

-- 
Regards,
Dave [RLU #314465]
david.w.n...@googlemail.com (David W Noon)
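As an added example (not from the list thread or the FPC project): a Free Pascal program that fills an IV from a kernel random device with a proper short-read loop and no fallback to Random(), then shows why Random() is unsuitable for IVs: the same RandSeed reproduces the same bytes. The device path '/dev/urandom', the 16-byte AES block size and the seed 12345 are assumptions; substitute '/dev/random' if you follow Dave's advice.

```pascal
program IVFromDevice;
{$mode objfpc}{$H+}
{ Added example, not the FPC project's code. Assumes Linux, 16-byte (AES) IV. }
uses SysUtils, Classes;
const IVSize = 16;
type TIV = array[0..IVSize - 1] of Byte;

{ Fill Buf from a kernel random device. Loops because one Read may return
  fewer bytes than asked; returns False if the device stops delivering, so
  the caller aborts instead of falling back to Random(). }
function ReadDevice(const Path: string; var Buf: array of Byte): Boolean;
var F: TFileStream; Got, N: Integer;
begin
  Result := False;
  F := TFileStream.Create(Path, fmOpenRead or fmShareDenyNone); { raises if absent }
  try
    Got := 0;
    while Got < Length(Buf) do
    begin
      N := F.Read(Buf[Got], Length(Buf) - Got);
      if N <= 0 then Exit;
      Inc(Got, N);
    end;
    Result := True;
  finally
    F.Free;
  end;
end;

{ Why Random() is unsuitable for IVs: every value is fixed by the 32-bit
  RandSeed, so the same seed reproduces the same "IV". }
function RandomIVFromSeed(Seed: Cardinal): TIV;
var I: Integer;
begin
  RandSeed := Seed;
  for I := 0 to IVSize - 1 do
    Result[I] := Random(256);
end;

var IV, A, B: TIV; I: Integer;
begin
  if not ReadDevice('/dev/urandom', IV) then
    raise Exception.Create('random device gave no data; no IV generated');
  for I := 0 to IVSize - 1 do
    Write(IntToHex(IV[I], 2));
  WriteLn;
  A := RandomIVFromSeed(12345);
  B := RandomIVFromSeed(12345);
  WriteLn('same seed, same Random() IV: ', CompareByte(A, B, IVSize) = 0);
end.
```

Compile with `fpc IVFromDevice.pas`; the last line prints TRUE, which is exactly the property an IV must not have.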