> On Jul 5, 2017, at 3:08 AM, Ulrich Windl <ulrich.wi...@rz.uni-regensburg.de>
> wrote:
>
>>>> Jeffrey Walton <noloa...@gmail.com> schrieb am 17.06.2017 um 16:23 in
>>>> Nachricht
> <cah8yc8nhx2r9cfq0gnejaurgsfas8v16dvhv35brnln-ypr...@mail.gmail.com>:
>
> [...]
>> But its not clear to me how to ensure uniqueness when its based on
>> randomness from the generators.
>
> Even with a perfect random generator non-unique values are possible (that's
> why it's random). It's unlikely, but it can happen. The question is whether
> the probability of non-unique values from /dev/urandom is any higher than
> that for values read from /dev/random. One _might_ be able to predict the
> values from /dev/urandom.
In the implementations I know, /dev/random and /dev/urandom are the same
driver, the only difference is that when you read from /dev/random there's a
check for the current entropy level.
If you haven't fed enough entropy yet to the driver since startup, and you read
/dev/urandom, you get a value that isn't sufficiently secure.
If you have a properly constructed RNG, as soon as it's been fed enough entropy
it is secure (at least for the next 2^64 bits or so). The notion of "using up
entropy" is not meaningful for a good generator. See Bruce Schneier's
"Yarrow" paper for the details.
paul
