On Mon, Sep 23, 2013 at 12:59 PM, <starlight.201...@binnacle.cx> wrote:

> At 20:27 9/23/2013 +0200, Richard Könning wrote:
>> /dev/random is a PRNG which blocks when the (crude) entropy estimation
>> of the entropy pool falls below a limit. Besides this there are afaik
>> no big differences between /dev/random and /dev/urandom.
>
> In the sense that all TRNG outputs are run through various algorithms
> that "mix" and "whiten" the data to assure uniform statistical
> distribution, all TRNGs could be called PRNGs. However the crucial
> difference is that TRNG post-filter output is irreproducible, where a
> "pseudo random number generator" will predictably generate identical
> streams of output given the same seed.
First, whenever someone talks about "true" random numbers, I assume they are kidding - I know of no cryptographers who use that term. It's a meaningless phrase. "Cryptographically useful random number generators" possess the desired characteristics - no detectable bias in the bitstream, passing all the usual FIPS tests, etc., as well as forward and backward secrecy, etc. - and make use of all available sources of entropy. Unless you're talking about a naive implementation of an LFSR or somesuch, PRNGs don't have a single seed.

I'll repeat myself - the fact that the /dev/random implementation you're using blocks is a serious design flaw.

Secondly, presuming that the current process (openssl-based) is permitted to perform a blocking read on a constrained system resource is similarly misguided - there may be other processes that want random bits, too.

- M

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
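The two practical points in this exchange (that /dev/random can block, and that a process should not assume it may sit in a blocking read on a shared kernel resource) are easy to see in code. The following is an added example, not code from the thread, OpenSSL, or any poster: it reads from /dev/urandom correctly (handling short reads and EINTR, which naive callers often forget) and probes /dev/random with O_NONBLOCK so the caller learns whether a read would block without actually blocking. It assumes a Linux or BSD-like system where both device files exist; the function names are the example's own.

```c
/* Added example (not from the mailing-list thread): a robust /dev/urandom
 * reader plus a non-blocking probe of /dev/random. Assumes a Unix-like
 * system where both device files exist. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill buf[0..len) from the device at `path`. Returns 0 on success, -1 on
 * error. read(2) on a character device may return fewer bytes than requested
 * and may be interrupted by a signal, so loop until the buffer is full. */
int fill_from_device(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (n == 0) {               /* EOF from a random device: treat as failure */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* /dev/urandom does not block once the kernel pool has been seeded, which is
 * why a long-running service draws its key material from it. */
int fill_urandom(unsigned char *buf, size_t len)
{
    return fill_from_device("/dev/urandom", buf, len);
}

/* Ask whether /dev/random would block right now, without blocking: open it
 * O_NONBLOCK and try a one-byte read. Returns 1 if the read would block
 * (EAGAIN), 0 if a byte was available, -1 on any other error (e.g. the
 * device file is absent). */
int random_would_block(void)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    unsigned char b;
    ssize_t n;
    do {
        n = read(fd, &b, 1);
    } while (n < 0 && errno == EINTR);
    int saved = errno;              /* close(2) may clobber errno */
    close(fd);
    if (n == 1)
        return 0;
    if (n < 0 && (saved == EAGAIN || saved == EWOULDBLOCK))
        return 1;
    return -1;
}

/* Returns 1 if the two buffers differ in at least one byte, 0 if identical.
 * Two independent 32-byte draws from a working generator differ with
 * overwhelming probability; identical draws would indicate a broken source. */
int buffers_differ(const unsigned char *a, const unsigned char *b, size_t len)
{
    return memcmp(a, b, len) != 0;
}

int main(void)
{
    unsigned char k1[32], k2[32];
    if (fill_urandom(k1, sizeof k1) != 0 || fill_urandom(k2, sizeof k2) != 0) {
        perror("fill_urandom");
        return 1;
    }
    printf("two 32-byte draws differ: %s\n",
           buffers_differ(k1, k2, sizeof k1) ? "yes" : "no");
    int wb = random_would_block();
    printf("/dev/random would block right now: %s\n",
           wb == 1 ? "yes" : wb == 0 ? "no" : "unknown (error)");
    return 0;
}
```

The probe is diagnostic only: a service that needs bytes should call `fill_urandom` and never poll /dev/random in a loop, which would just be a blocking read in disguise and still competes with every other process for the same pool.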