Re: ssh, /dev/urandom

To: "Alfred M. Szmidt" <ams@kemisten.nu>
Cc: budi@research.indocisc.com, debian-hurd@lists.debian.org
Subject: Re: ssh, /dev/urandom
From: nisse@lysator.liu.se (Niels Möller)
Date: 18 Dec 2002 18:45:49 +0100
Message-id: <[🔎] nn4r9bqkz6.fsf@fafner.lysator.liu.se>
In-reply-to: <[🔎] plopm37ke7zj83.fsf@drizzt.dyndns.org>
References: <[🔎] Pine.LNX.4.44.0212160010130.7859-100000@stephen.copyleft.co.nz> <[🔎] 20021215202705.GB1097@aragorn> <[🔎] 20021215221126.A3963@l2.ponznet.net> <[🔎] E18NirN-0003Ib-00@lgh163a.kemisten.nu> <[🔎] plopm33coye2ld.fsf@drizzt.dyndns.org> <[🔎] E18NwLs-0003fU-00@lgh163a.kemisten.nu> <[🔎] plopm3lm2qc6b1.fsf@drizzt.dyndns.org> <[🔎] E18O0CD-0003pc-00@lgh163a.kemisten.nu> <[🔎] 20021217013456.GA30498@research.indocisc.com> <[🔎] E18OG7n-0004PK-00@lgh163a.kemisten.nu> <[🔎] plopm3k7i84ybe.fsf@drizzt.dyndns.org> <[🔎] 87d6nz626w.fsf@alberti.g10code.de> <[🔎] plopm37ke7zj83.fsf@drizzt.dyndns.org>

kilobug@freesurf.fr (Gaël Le Mignot) writes:

> This is the current implementation, yes, but /dev/urandom doesn't guarantee
> anything about the "quality" of the random bits. It can be secure, but it
> can be pseudo-random too, and any program that use /dev/urandom as a secure
> source of random bits is flawed,

If we assume that the pseudo randomness generator used by /dev/urandom
is good, and that the entropy pool was able to pick up some 100
hard-to-guess bits at system startup (and if not, you're probably
screwed anyway), then the difference between /dev/random and
/dev/urandom is for most cryptographic applications *totally
irrelevant*.

For an enemy with limited computational power (e.g. the enemy can't
invert md5 or brute force 256 bit AES), then *by definition* the enemy
can't even tell the difference if you're using true random bits or a
good pseudorandom generator, so how can he be better off if you use
the pseudo random one?

Unless you're trying to generate a one-time pad, or use some other
construction that is secure even if the enemy has infinite
computational power (something which openssh certainly doesn't do), it
doesn't matter very much if you use /dev/random or /dev/urandom.

/Niels

Reply to:

Follow-Ups:
- Re: ssh, /dev/urandom
  - From: PUYDT Julien <julien.puydt@laposte.net>

References:
- K1 images - final report?
  - From: Philip Charles <philipc@copyleft.co.nz>
- Re: K1 images - final report?
  - From: Robert Millan <zeratul2@wanadoo.es>
- Re: K1 images - final report?
  - From: pancake <sergipop@mx3.redestb.es>
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: Budi Rahardjo <budi@research.indocisc.com>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: ssh, /dev/urandom
  - From: Werner Koch <wk@gnupg.org>
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)

Prev by Date: Re: ssh, /dev/urandom
Next by Date: Re: ssh, /dev/urandom
Previous by thread: Re: ssh, /dev/urandom
Next by thread: Re: ssh, /dev/urandom
Index(es):
- Date
- Thread