[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSP for Debian unstable. was Re: security enhanced debian branch?


On Sun, Jan 04, 2004 at 02:01:52PM +0100, Richard Atterer wrote:
> But surely depleted entropy is only a concern for /dev/random, not
> /dev/urandom? AFAIK, the latter uses a PRNG, which outputs arbitrary
> amounts of pseudo-random data.

No, /dev/urandom shares the entropy pool with /dev/random and
will eventually drain it, too.  The initial comment of the
kernel's driver/char/random.c (which makes really a good read)

    The /dev/urandom device does not have this limit, and will return
    as many bytes as are requested.  As more and more random bytes are
    requested without giving time for the entropy pool to recharge,
    this will result in random numbers that are merely cryptographically
    strong.  For many applications, however, this is acceptable.

I hope this helps,

Attachment: signature.asc
Description: Digital signature

Reply to: