Budi Rahardjo <[EMAIL PROTECTED]> writes:

> On Wed, Dec 18, 2002 at 12:54:17AM +0100, Gaël Le Mignot wrote:
> > No, we should use a random translator, which, at least, provides uniform
> > numbers, and different numbers on successive reads.
>
> I have not heard argument(s) against this.
The argument is really simple. Programs that use /dev/urandom generally expect to get numbers that are not only uniform, but numbers which are actually *useful* for *cryptographic* purposes. Creating a /dev/urandom that does something different is breaking that informal interface.

I mean, it's like making /usr/lib/sendmail a symlink to nethack: There's an informal interface defining what the thing installed as /usr/lib/sendmail should do, and you break that by doing something completely different. Except that instead of broken mail delivery, munging with /dev/urandom will give you subtle, and hard to notice, security holes.

If you do that, anybody that's trying to write serious crypto software will have to add some workaround that tries to figure out if you're running on the Hurd or not, and if you are, note that you most likely have a broken, useless /dev/urandom and avoid using it. Furthermore, whenever a proper Hurd /dev/urandom is written, there will be confusion for *years* on whether or not /dev/urandom on the Hurd is usable, as crypto applications will have a hard time knowing if /dev/urandom on a particular Hurd machine happens to be the new working one or the old useless version.

And the openssh issue seems *really* really stupid. Just enable the configure flag to make it work on systems without /dev/urandom and be done with it! (Ok, for obvious reasons I haven't compiled any openssh for years, but I think someone mentioned earlier that there is a configure flag for exactly that).

/Niels
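As an added illustration of the point above (example code, not from this thread or from the Hurd): a stand-in "random translator" that serves the raw state of a 16-bit linear congruential generator passes a byte-frequency uniformity test perfectly and never repeats a value within its period, yet a single observed read determines every later read. The generator constants, the `lcg_*` helpers and the chi-square check are my assumptions for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical "random translator": hands out the raw state of a 16-bit LCG.
 * a = 25173, c = 13849 satisfy the Hull-Dobell conditions for m = 2^16,
 * so every seed yields the full period of 65536 distinct values. */
static uint16_t lcg_next(uint16_t state) {
    return (uint16_t)(25173u * state + 13849u);
}

/* Number of reads before the translator repeats a value: 65536 means every
 * 16-bit value was served exactly once ("different on successive reads"). */
size_t lcg_period(uint16_t seed) {
    static uint8_t seen[65536];
    memset(seen, 0, sizeof seen);
    size_t count = 0;
    uint16_t s = seed;
    while (!seen[s]) { seen[s] = 1; count++; s = lcg_next(s); }
    return count;
}

/* Chi-square statistic of the byte frequencies over one full period of
 * output (each read serialised as low byte, then high byte) against the
 * uniform distribution. Anything near the 255 degrees of freedom "passes";
 * this generator scores an exact 0.0, i.e. perfectly uniform. */
double lcg_chi_square(uint16_t seed) {
    unsigned long hist[256] = {0};
    uint16_t s = seed;
    for (unsigned long i = 0; i < 65536UL; i++) {
        hist[s & 0xff]++;
        hist[s >> 8]++;
        s = lcg_next(s);
    }
    double expected = (2.0 * 65536.0) / 256.0;   /* 512 per bin */
    double chi = 0.0;
    for (int b = 0; b < 256; b++) {
        double d = (double)hist[b] - expected;
        chi += d * d / expected;
    }
    return chi;
}

/* What uniformity tests never measure: anyone who observes one read can
 * compute the next one exactly, because the whole state is exposed.
 * A key or nonce drawn from this "/dev/urandom" is therefore worthless. */
uint16_t predict_next_read(uint16_t observed) {
    return lcg_next(observed);
}
```

The statistical checks are exactly the ones a "uniform numbers, different on successive reads" translator would satisfy, which is why they say nothing about cryptographic usefulness.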

