Re: ssh, /dev/urandom

To: Gaël Le Mignot <kilobug@freesurf.fr>
Cc: "Alfred M. Szmidt" <ams@kemisten.nu>, budi@research.indocisc.com, debian-hurd@lists.debian.org
Subject: Re: ssh, /dev/urandom
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Date: Wed, 18 Dec 2002 12:44:51 +0100
Message-id: <[🔎] 20021218114451.GB2383@212.23.136.22>
In-reply-to: <[🔎] plopm37ke7zj83.fsf@drizzt.dyndns.org>
References: <[🔎] E18NirN-0003Ib-00@lgh163a.kemisten.nu> <[🔎] plopm33coye2ld.fsf@drizzt.dyndns.org> <[🔎] E18NwLs-0003fU-00@lgh163a.kemisten.nu> <[🔎] plopm3lm2qc6b1.fsf@drizzt.dyndns.org> <[🔎] E18O0CD-0003pc-00@lgh163a.kemisten.nu> <[🔎] 20021217013456.GA30498@research.indocisc.com> <[🔎] E18OG7n-0004PK-00@lgh163a.kemisten.nu> <[🔎] plopm3k7i84ybe.fsf@drizzt.dyndns.org> <[🔎] 87d6nz626w.fsf@alberti.g10code.de> <[🔎] plopm37ke7zj83.fsf@drizzt.dyndns.org>

On Wed, Dec 18, 2002 at 11:58:52AM +0100, Gaël Le Mignot wrote:
> 
> Werner a écrit : 
> 
>  > On Tue, 17 Dec 2002 13:36:21 +0100, Gaël Le Mignot said:
>  >> And /dev/urandom is not really done for "cryptographic secure" randomness,
>  >> it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses
> 
>  > That is not really true.  The common implementations of /dev/[u]random
>  > for *BSD and Linux use only one entropy pool and the only difference
>  > between random and urandom ist that urandom never blocks on low
>  > entropy but continues to yield random bytes using a pesudo random
>  > number generater (i.e. hashing the pool again).  So, as long as enough
>  > entropy is available both devices can be considered equal.
> 
> This is the current implementation, yes, but /dev/urandom doesn't guarantee
> anything about the "quality" of the random bits. It can be secure, but it
> can be pseudo-random too, and any program that use /dev/urandom as a secure
> source of random bits is flawed, so there is absolutely no problem, IMHO,
> to use the current random translator for /dev/urandom.

It's not flawed to use /dev/urandom for some purposes, like session keys,
which are only needed for a short time (a few hours or days) and then thrown
away.

It's correct that you can not tell much about the quality of urandom if you
read it.  However, the urandom translator itself knows more about when it
was reseeded.

In anyway, the reason the current translators are incomplete is that they
don't support polling random sources themselves (a kernel device), and
urandom should more actively seek to reseed itself, or be reseeded by
/dev/random.  Also, we need to have the oskit random device for /dev/random.

When we have the oskit device, I will happily finish my random translators
and put them in CVS.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    marcus@gnu.org
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/

Reply to:

References:
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: Budi Rahardjo <budi@research.indocisc.com>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: ssh, /dev/urandom
  - From: Werner Koch <wk@gnupg.org>
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)

Prev by Date: SUBSCRIBE
Next by Date: Re: K1 images - final report?
Previous by thread: Re: ssh, /dev/urandom
Next by thread: Re: ssh, /dev/urandom
Index(es):
- Date
- Thread