While we're on the subject of /dev/[u]random, has anyone
looked at the new FreeBSD 5.3 version?  I recently installed
5.3, and much to my surprise they have got rid of the random
component, and are now only using the urandom part (they
have a symlink in place).

localhost$ ls -l /dev/*random
crw-rw-rw-  1 root  wheel  249,   0 Dec 26 11:41 /dev/random
lrwxr-xr-x  1 root  wheel         6 Dec 26 11:41 /dev/urandom -> random

localhost$ time dd if=/dev/random bs=1k count=100000 of=/dev/null
100000+0 records in
100000+0 records out
102400000 bytes transferred in 7.526354 secs (13605525 bytes/sec)

real    0m7.532s
user    0m0.125s
sys     0m6.979s

(Also, there is a startup script that asks for initial type-in
entropy on install - mine broke and didn't clearly indicate
its state...).

Personally, I quite liked the random v. urandom separation.
It gave you choice.  Now, I feel tempted to go back to doing
the entropy in my own code and not relying on FreeBSD,
because I lack a feel-good factor represented by the block
that occurs when entropy runs out.

But, these are ignorant, external speculations...


Enzo Michelangeli wrote:

This "entropy depletion" issue keeps coming up every now and then, but I still don't understand how it is supposed to happen. If the PRNG uses a really non-invertible algorithm (or one invertible only with intractable complexity), its output gives no insight whatsoever on its internal state. As entropy is a measure of the information we don't have about the internal state of a system, it seems to me that in a good PRNGD its value cannot be reduced just by extracting output bits. If there is an entropy estimator based on the number of bits extracted, that estimator must be flawed.


News and views on what matters in finance+crypto:

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to