On Fri, Feb 17, 2012 at 2:51 PM, Jon Callas <[email protected]> wrote: > On Feb 17, 2012, at 12:41 PM, Nico Williams wrote: >> On Fri, Feb 17, 2012 at 2:39 PM, Thierry Moreau >> <[email protected]> wrote: >>> If your /dev/urandom never blocks the requesting task irrespective of the >>> random bytes usage, then maybe your /dev/random is not as secure as it might >>> be (unless you have an high speed entropy source, but what is "high speed" >>> in this context?) >> >> I'd like for /dev/urandom to block, but only early in boot. Once >> enough entropy has been gathered for it to start it should never >> block. One way to achieve this is to block boot progress early enough >> in booting by reading from /dev/random, thus there'd be no need for >> /dev/urandom to ever block. > > I can understand why you might want that, but that would be wrong with a > capital W. The whole *point* of /dev/urandom is that it doesn't block. If you > want blocking behavior, you should be calling /dev/random. The correct > solution is to have early-stage boot code call /dev/random if it wants > blocking behavior.
I was hoping you'd read the second sentence, where I basically say that /dev/urandom shouldn't block, that the system should not progress past where /dev/urandom is needed until /dev/urandom has enough entropy. Nico -- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
