On Feb 17, 2012, at 12:41 PM, Nico Williams wrote:
> On Fri, Feb 17, 2012 at 2:39 PM, Thierry Moreau
> <[email protected]> wrote:
>> If your /dev/urandom never blocks the requesting task irrespective of the
>> random bytes usage, then maybe your /dev/random is not as secure as it might
>> be (unless you have an high speed entropy source, but what is "high speed"
>> in this context?)
>
> I'd like for /dev/urandom to block, but only early in boot. Once
> enough entropy has been gathered for it to start it should never
> block. One way to achieve this is to block boot progress early enough
> in booting by reading from /dev/random, thus there'd be no need for
> /dev/urandom to ever block.
I can understand why you might want that, but that would be wrong with a
capital W. The whole *point* of /dev/urandom is that it doesn't block. If you
want blocking behavior, you should be calling /dev/random. The correct solution
is to have early-stage boot code call /dev/random if it wants blocking behavior.
(Note that I have completely ignored an argument of why blocking is rarely a
good idea, which is the reason people call /dev/urandom. No one said software
engineering was easy.)
Jon
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
