
Re: One-line password generator



Hi,

Zenaan Harkness wrote:
> AIUI /dev/random is simply the input feed to /dev/urandom [...]

This is what the article by Thomas Huehn 
  https://www.2uo.de/myths-about-urandom/
calls a myth, illustrated by diagram
  https://www.2uo.de/myths-about-urandom/structure-no.png

Andy Smith stated in
  https://lists.debian.org/debian-user/2017/08/msg01594.html
that the article is correct.


> if you want security/ secure software, you -must- know the nature of
> your inputs,

I thought that I knew from the man page. But people with probably more
knowledge than me contradict that page.


I wrote:
> > I understand that in this situation there is no difference
> > between /dev/random and /dev/urandom.

> No

So this diagram about the situation before kernel 4.8 is wrong ?
  https://www.2uo.de/myths-about-urandom/structure-yes.png

The new situation as stated in
  https://www.2uo.de/myths-about-urandom/structure-new.png
is a bit more obscure, because it is not clear what exactly happens inside
the "randomness pool". Is it only a buffer ? Does it always grow when new
data arrive ? Or does it merge the new bits into a constant size pool ?


> > The difference appears only when the assumption of wealth is not
> > fulfilled.

> ... parse fail

"Wealth" = Well filled randomness pool which makes blocking unnecessary.


> don't use /dev/random, use /dev/urandom instead, as designed,

Urm. Your argumentation up to this point was that they differ significantly.

> and as has been made publicly clear for ~10 years now.

The kernel people won't get us users to change our behavior unless the
man page gets clarified and the experts take the responsibility to teach us
what https://www.2uo.de/myths-about-urandom/ tries to teach us.

The current statements look like a lame compromise after some of the
participating experts objected to the flat deprecation of /dev/random
even after the system had a few seconds of collecting erratic events.

But what are these objections and why are they important enough to
cause a statement like
  "Choice of random source
   Unless you are doing long-term key generation (and most likely not
   even then), you probably shouldn't be reading from the /dev/random [...]"
in
  http://man7.org/linux/man-pages/man7/random.7.html

The clause "most likely not" puts the whole statement in question without
giving a clue about the proper answer.
Further it implies a vague security difference between both devices.


>   Confront the man page!

If only this would give more clarity ... X-|


My current compilation of all info is like this:

/dev/random was originally designed to possibly block, but is now said
not to do this any more in practice.
/dev/urandom was originally designed to hand out lower quality random
if /dev/random would block, but is now said not to do this any more.


Have a nice day :)

Thomas
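
Added example, not part of the original post: a password generator in Python that draws from the kernel CSPRNG behind /dev/urandom and raises an error instead of blocking when the pool has not been initialized yet, which is the one situation where the choice of interface matters. The function names, the 62-symbol alphabet and the default length are assumptions made for this illustration.

```python
import os
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed choice)


def kernel_bytes(n):
    """Return n bytes from the kernel CSPRNG without ever blocking.

    os.getrandom() with GRND_NONBLOCK raises BlockingIOError if the
    kernel pool has not been initialized yet (early boot), instead of
    waiting or returning output from an unseeded generator.
    """
    buf = b""
    while len(buf) < n:
        if hasattr(os, "getrandom"):  # Linux, Python >= 3.6
            buf += os.getrandom(n - len(buf), os.GRND_NONBLOCK)
        else:  # fallback for systems without getrandom(2)
            with open("/dev/urandom", "rb") as dev:
                buf += dev.read(n - len(buf))
    return buf


def password(length=16, alphabet=ALPHABET, source=kernel_bytes):
    """Pick `length` symbols uniformly from `alphabet`.

    Bytes >= limit are rejected so that `byte % len(alphabet)` does not
    favour the first few symbols (modulo bias).
    """
    if not 0 < len(alphabet) <= 256:
        raise ValueError("alphabet must have 1..256 symbols")
    limit = 256 - (256 % len(alphabet))
    out = []
    while len(out) < length:
        for byte in source(length):
            if byte < limit and len(out) < length:
                out.append(alphabet[byte % len(alphabet)])
    return "".join(out)


if __name__ == "__main__":
    print(password(20))
```

A BlockingIOError from kernel_bytes() means the system was asked for secrets before its pool was seeded; retry later rather than switching to a weaker source.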

