
Re: ssh, /dev/urandom



Werner wrote:

 > On Tue, 17 Dec 2002 13:36:21 +0100, Gaël Le Mignot said:
 >> And /dev/urandom is not really done for "cryptographic secure" randomness,
 >> it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses

 > That is not really true.  The common implementations of /dev/[u]random
 > for *BSD and Linux use only one entropy pool and the only difference
 > between random and urandom is that urandom never blocks on low
 > entropy but continues to yield random bytes using a pseudo random
 > number generator (i.e. hashing the pool again).  So, as long as enough
 > entropy is available both devices can be considered equal.

This is the current implementation, yes, but /dev/urandom doesn't guarantee
anything about the "quality" of the random bits. It can be secure, but it
can be pseudo-random too, and any program that uses /dev/urandom as a secure
source of random bits is flawed, so there is absolutely no problem, IMHO,
in using the current random translator for /dev/urandom.

-- 
Gael Le Mignot "Kilobug" - kilobug@nerim.net - http://kilobug.free.fr
GSM         : 06.71.47.18.22 (in France)   ICQ UIN   : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA

Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
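The one-pool, two-read-paths design Werner describes above, as an added toy model written for this page (not code from the thread, the Hurd translator, or any kernel): the pool size, the SHA-256 extraction and the entropy accounting are simplified assumptions, but the split is the one under discussion, with only the /dev/random path refusing to answer when the entropy estimate runs low.

```python
"""Toy model of the single-pool /dev/random vs /dev/urandom design the thread
describes.  Added illustration, not Linux/BSD kernel code: pool size, hash and
entropy accounting are simplified assumptions, but the split is the same: one
pool, two read paths, only one of which blocks on a low entropy estimate."""
import hashlib

POOL_BYTES = 64  # assumed toy pool size


class EntropyPool:
    def __init__(self):
        self.pool = bytearray(POOL_BYTES)
        self.entropy_bits = 0  # the kernel-style entropy *estimate*
        self.counter = 0       # makes successive extractions differ

    def mix_in(self, data: bytes, credited_bits: int) -> None:
        """Stir event data into the pool and credit the estimate."""
        digest = hashlib.sha256(bytes(self.pool) + data).digest()
        for i, b in enumerate(digest):
            self.pool[i % POOL_BYTES] ^= b
        self.entropy_bits = min(self.entropy_bits + credited_bits, POOL_BYTES * 8)

    def _extract(self, n: int) -> bytes:
        """Hash the pool (plus a counter) for n bytes and fold the output
        back in, so the pool state moves forward; used by both devices."""
        out = b""
        while len(out) < n:
            self.counter += 1
            block = hashlib.sha256(
                bytes(self.pool) + self.counter.to_bytes(8, "big")).digest()
            out += block
            for i, b in enumerate(block):
                self.pool[i % POOL_BYTES] ^= b
        return out[:n]

    def read_random(self, n: int) -> bytes:
        """/dev/random: refuse (model of blocking) when the estimate is low."""
        if self.entropy_bits < n * 8:
            raise BlockingIOError(f"need {n * 8} bits, have {self.entropy_bits}")
        self.entropy_bits -= n * 8
        return self._extract(n)

    def read_urandom(self, n: int) -> bytes:
        """/dev/urandom: same pool, same extraction, never blocks; the
        estimate is debited but floors at zero."""
        self.entropy_bits = max(0, self.entropy_bits - n * 8)
        return self._extract(n)
```

Once the estimate hits zero, `read_random` refuses while `read_urandom` keeps hashing the same pool state forward, which is exactly the difference the post says disappears whenever enough entropy has been gathered.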


