Steven D'Aprano <st...@pearwood.info>:

> On Tue, 23 Feb 2016 06:32 am, Marko Rauhamaa wrote:
>> Under Linux, /dev/random is the way to go when strong security is
>> needed. Note that /dev/random is a scarce resource on ordinary
>> systems.
>
> That's actually incorrect, but you're not the only one to have been
> misled by the man pages.
>
> http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/

Still, mostly hypnotic repetitions. However, it admits:

   But /dev/random also tries to keep track of how much entropy remains
   in its kernel pool, and will occasionally go on strike if it decides
   not enough remains.

That's the whole point. /dev/random will rather block the program than
lower the quality of the random numbers below a threshold. /dev/urandom
has no such qualms.

   If you use /dev/random instead of urandom, your program will
   unpredictably (or, if you’re an attacker, very predictably) hang when
   Linux gets confused about how its own RNG works.

Yes, possibly indefinitely, too.

   Using /dev/random will make your programs less stable, but it won’t
   make them any more cryptographically safe.

It is correct that you shouldn't use /dev/random as a routine source of
bulk random numbers. It is also correct that /dev/urandom depletes the
entropy pool as effectively as /dev/random. However, when you are
generating signing or encryption keys, you should use /dev/random.

As stated in <URL: https://lwn.net/Articles/606141/>:

   /dev/urandom should be used for essentially all random numbers
   required, but /dev/random is sometimes used for things like extremely
   sensitive, long-lived keys (e.g. GPG) or one-time pads.

> See also:
>
> http://www.2uo.de/myths-about-urandom/

Already addressed.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list
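
Added example, not part of the original message or thread: a way to observe from Python the blocking behaviour the message discusses, with a deadline so the caller never hangs. It is Linux-only and uses os.getrandom() with GRND_RANDOM | GRND_NONBLOCK; the function names, the 5-second deadline and the polling interval are assumptions made for this example.

```python
import os
import time

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # kernel estimate, in bits


def entropy_estimate():
    """Return the kernel's entropy estimate in bits, or None if unavailable."""
    try:
        with open(ENTROPY_AVAIL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def read_blocking_pool(n, deadline_s=5.0, poll_s=0.05):
    """Draw n bytes with /dev/random semantics, but never hang.

    Returns (data, stalls). stalls counts how often the kernel refused to
    hand out bytes; it stays 0 on kernels that do not block after the
    initial seeding. Raises TimeoutError if the pool stays empty too long.
    """
    flags = os.GRND_RANDOM | os.GRND_NONBLOCK
    out = bytearray()
    stalls = 0
    give_up = time.monotonic() + deadline_s
    while len(out) < n:
        try:
            # Short reads are allowed, so ask only for what is still missing.
            out += os.getrandom(n - len(out), flags)
        except BlockingIOError:
            stalls += 1
            if time.monotonic() >= give_up:
                raise TimeoutError(f"pool stalled with {len(out)}/{n} bytes")
            time.sleep(poll_s)
    return bytes(out), stalls


def read_urandom(n):
    """Draw n bytes with /dev/urandom semantics (no blocking once seeded)."""
    return os.urandom(n)


if __name__ == "__main__":
    key, stalls = read_blocking_pool(32)
    print("blocking pool: 32 bytes, stalls =", stalls)
    print("urandom:      ", len(read_urandom(32)), "bytes")
    print("entropy_avail:", entropy_estimate())
```

A non-zero stalls count or a TimeoutError marks the point where a plain read of /dev/random would have blocked the program.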