Re: Encrypting an External HDD
On Wed, 15 Apr 2015 08:30:04 -0700
David Christensen <dpchrist@holgerdanske.com> wrote:
...
> /dev/random is for cryptographically secure random numbers, such as for
> cryptographic keys. It requires a source of entropy to operate, and
> will block until entropy is available. Thus, on most desktop computers,
> it is only suitable for small amounts of random numbers.
...
> /dev/urandom is for non-cryptographic/low-security random numbers, such
> as for games. It will use entropy as available, otherwise it will
> mathematically generate pseudo-random numbers. It does not block and
> can generate large amounts of random data quickly, but is vulnerable to
> attack.
I don't think it's quite this simple:
1) OpenSSL thinks /dev/urandom is good enough for crypto:
https://www.openssl.org/support/faq.html#USER1
2) Perl's Math::Random::Secure also thinks it's generally good enough:
http://search.cpan.org/~mkanat/Math-Random-Secure-0.06/lib/Math/Random/Secure.pm#Making_Math::Random::Secure_Even_More_Secure
3) Read these guys (don't know how correct they are):
http://www.2uo.de/myths-about-urandom/
http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
Celejar
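
Added example, not part of the original message or of any project it links to: one way on Linux to draw key material from the kernel generator behind /dev/urandom without blocking, while refusing output if the pool has not been seeded yet. The names `kernel_random`, `entropy_estimate` and `KEY_BYTES` are made up for this illustration.

```python
import os

KEY_BYTES = 32  # constructed value: 256 bits of key material


def kernel_random(n):
    """Return n bytes from the kernel CSPRNG without blocking."""
    if not hasattr(os, "getrandom"):
        # Assumption: non-Linux platform; os.urandom is the portable interface.
        return os.urandom(n)
    out = bytearray()
    while len(out) < n:
        try:
            # Same generator that backs /dev/urandom. GRND_NONBLOCK makes the
            # call fail instead of waiting if the pool was never seeded.
            # Large requests can return fewer bytes than asked for, so loop.
            out += os.getrandom(n - len(out), os.GRND_NONBLOCK)
        except BlockingIOError:
            raise RuntimeError("kernel RNG not seeded yet; retry later")
    return bytes(out)


def entropy_estimate():
    """Kernel's entropy estimate in bits, or None where /proc lacks it."""
    try:
        with open("/proc/sys/kernel/random/entropy_avail") as f:
            return int(f.read())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    key = kernel_random(KEY_BYTES)
    print("entropy estimate:", entropy_estimate())
    print("key bytes obtained:", len(key))
```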