
Re: One-line password generator



On Wed, Aug 30, 2017 at 11:47:24AM +1000, Zenaan Harkness wrote:
> They don't. You ought not use /dev/urandom for key generation, use
> /dev/random instead.

The Linux man page disagrees with you.  From Debian 9 urandom(4):

       The /dev/random device is a legacy interface which dates back to a time
       where the  cryptographic  primitives  used  in  the  implementation  of
       /dev/urandom were not widely trusted.  It will return random bytes only
       within the estimated number of bits of fresh noise in the entropy pool,
       blocking  if  necessary.  /dev/random is suitable for applications that
       need high quality randomness, and can afford indeterminate delays.

   [...]

   Usage
       The  /dev/random  interface  is  considered  a  legacy  interface,  and
       /dev/urandom is preferred and sufficient in all  use  cases,  with  the
       exception  of  applications  which require randomness during early boot
       time; for  these  applications,  getrandom(2)  must  be  used  instead,
       because it will block until the entropy pool is initialized.
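
An added example, not part of the original message or of the man page: a small C password generator that takes its bytes from getrandom(2) with flags 0, which draws from the same source as /dev/urandom and blocks only until the pool has been initialized. The names fill_random and make_password and the 62-character alphabet are illustrative assumptions; it needs Linux 3.17 or later and glibc 2.25 or later.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Fill buf with len bytes from the kernel CSPRNG (the /dev/urandom source).
 * flags = 0: blocks only until the entropy pool has been initialized. */
static int fill_random(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR) continue;  /* interrupted by a signal: retry */
            return -1;                     /* e.g. ENOSYS on an old kernel */
        }
        off += (size_t)n;                  /* tolerate a short read */
    }
    return 0;
}

/* Write len alphanumeric characters plus a NUL into out (len + 1 bytes). */
int make_password(char *out, size_t len)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    const unsigned n = sizeof alphabet - 1;   /* 62 symbols */
    const unsigned limit = 256 - (256 % n);   /* 248 = 4 * 62 */
    unsigned char pool[64];
    size_t i = 0;
    while (i < len) {
        if (fill_random(pool, sizeof pool) != 0)
            return -1;
        for (size_t j = 0; j < sizeof pool && i < len; j++)
            if (pool[j] < limit)              /* reject 248..255: no modulo bias */
                out[i++] = alphabet[pool[j] % n];
    }
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char pw[21];
    if (make_password(pw, 20) != 0)
        return 1;
    puts(pw);
    return 0;
}
```

Discarding bytes at or above 248 keeps each of the 62 symbols equally likely, at about 5.95 bits per character.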

