Re: ssh, /dev/urandom
Niels wrote:
> The argument is really simple. Programs that use /dev/urandom
> generally expect to get numbers that are not only uniform, but numbers
> which are actually *useful* for *cryptographic* purposes. Creating a
> /dev/urandom that does something different is breaking that informal
> interface.
I don't agree at all on that. You are speaking of /dev/random, not of
/dev/urandom.
man urandom on my GNU/Linux system:
When read, /dev/urandom device will return as many bytes as are
requested. As a result, if there is not sufficient entropy in the
entropy pool, the returned values are theoretically vulnerable to a
cryptographic attack on the algorithms used by the driver. Knowledge
of how to do this is not available in the current non-classified
literature, but it is theoretically possible that such an attack may exist.
If this is a concern in your application, use /dev/random instead.
So, it is explicitly written that /dev/urandom is _not_
cryptographically safe random data, and is cheap random data if the
entropy pool is depleted. Using Marcus' random translator for
/dev/_u_random, will be, for applications, just as if the entropy were
depleted by another application just before; which can happen on any
GNU/Linux system, or whatever. We are just always in the "bad case",
but applications using /dev/urandom are aware this "bad case" can happen,
and sometimes do. There is nothing wrong in that.
--
Gael Le Mignot "Kilobug" - kilobug@nerim.net - http://kilobug.free.fr
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA
Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org