
Re: One-line password generator



Hi,

Andy Smith wrote:
> The relevant Linux man pages were
> recently updated to clarify that once seeded, /dev/urandom is
> sufficient for any use
> [...]
> https://bugzilla.kernel.org/show_bug.cgi?id=71211

Maybe there are stronger reasons to abandon /dev/random. But that thread
states as only other motivation besides "It's safe, stupid" this observation
of Laurent Georget:

  "[...] as long as you use /dev/urandom for cryptographic
   purposes only, you should be ok, because you will never need *a lot* of
   random data anyway in any sensible program."

But this also implies that /dev/random will not block because there is
always more entropy in the pool than can reasonably be drained.
Plausible under normal circumstances, but also easy to sabotage if you have
an account on that machine or can get people to run a program of yours.


>  and that /dev/random is a legacy interface

I can read this only from half of the new man pages which are referred to
in the thread.

  http://man7.org/linux/man-pages/man7/random.7.html
does not call it legacy but still gives it a job:
  
  "Choice of random source
   Unless you are doing long-term key generation (and most likely not
   even then), you probably shouldn't be reading from the /dev/random
   device or employing getrandom(2) with the GRND_RANDOM flag."

We are discussing exactly this: Long-term key generation.

In 
  http://man7.org/linux/man-pages/man4/random.4.html
it is indeed labeled "legacy", but still with a job:

  "The /dev/random device is a legacy interface which dates back to a
   time where the cryptographic primitives used in the implementation of
   /dev/urandom were not widely trusted.  It will return random bytes
   only within the estimated number of bits of fresh noise in the
   entropy pool, blocking if necessary.  /dev/random is suitable for
   applications that need high quality randomness, and can afford
   indeterminate delays."

Again, this is the situation we discuss:
Non-expert trust and enough time to wait for the coward's random numbers.


So yes, the experts tend towards deeming obsolete the extra entropy test
and the consequential blocking.

But i myself have two use cases for (pseudo-)random numbers:
- Small but hard secrets which i need for security purposes.
- 3 times 25 GB of random stream to surely shake up the bits on a BD-RE
  medium which previously contained embarrassing data.

The first purpose is still assigned to /dev/random, according to the
new man pages (at least if one is committed by one's first name to be
a disbeliever).

The second one is not a job for /dev/urandom either. It does not even
need a strong seed, because the data do not have to be secret. In fact
they are intended to be readable instead of the original data which i
want to destroy.


Have a nice day :)

Thomas
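As an added example (not part of Thomas's mail or of the thread), here is a small generator for the first use case above, small hard secrets: it reads from the kernel CSPRNG via getrandom(2) with flags=0 (no GRND_RANDOM, so it blocks only until the pool is seeded once at boot) and picks characters without modulo bias. The 62-character alphabet, the 20-character default and the fallback to os.urandom() on non-Linux systems are assumptions.

```python
import math
import os

# Alphabet of the common "tr -dc A-Za-z0-9 </dev/urandom" one-liner (assumed).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"


def kernel_random_bytes(n: int) -> bytes:
    """Read n bytes from the kernel CSPRNG.

    On Linux this is getrandom(2) with flags=0: it waits only for the initial
    seeding, never for the entropy accounting that makes /dev/random (or
    GRND_RANDOM) block.  os.urandom() is the fallback on other systems.
    """
    getrandom = getattr(os, "getrandom", None)
    buf = bytearray()
    while len(buf) < n:  # getrandom(2) may legitimately return a short read
        want = n - len(buf)
        chunk = getrandom(want, 0) if getrandom else os.urandom(want)
        if not chunk:
            raise OSError("kernel random source returned no data")
        buf += chunk
    return bytes(buf)


def unbiased_index(limit: int, rng=kernel_random_bytes) -> int:
    """Uniform integer in [0, limit) by rejection sampling on single bytes.

    'byte % limit' would favour the first 256 % limit characters, so bytes at
    or above the largest multiple of limit are discarded (the same effect that
    'tr -dc' gets by dropping bytes outside the character set).
    """
    assert 0 < limit <= 256
    ceiling = 256 - (256 % limit)  # largest multiple of limit not above 256
    while True:
        b = rng(1)[0]
        if b < ceiling:
            return b % limit


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Password of 'length' characters drawn uniformly from 'alphabet'."""
    return "".join(alphabet[unbiased_index(len(alphabet))] for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Guessing resistance of such a password: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet))
```

A 20-character password draws only a few dozen bytes from the kernel, which is the "never a lot of random data" situation quoted above; the rejection step is what keeps the selection uniform regardless of which device the bytes come from.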

