* Stephen Gallagher:

> /dev/urandom is not cryptographically sound. From the manpage:

I think the key word in the manpage is "theoretical".

"openssl genrsa" and others use it for generating non-ephemeral keys.
It shares most of its code with /dev/random, so algorithmic breaches
will affect both.  The safety of /dev/random in the face of algorithm
breaches relies on the entropy for the data fed into it.
Historically, these estimates tended to be much too high, so the claim
in the manpage about theoretical safety is a bit dubious anyway.

> As such, I highly recommend that you use os.random() instead. Yes,
> this may result in blocking behavior, but since python-ssh is a
> crypto-specific library, I think you need to ensure that it's truly
> secure by default. I'd suggest adding a blocking/nonblocking flag to
> the call, but I realize you're trying to stick with an identical API
> interface to the original Crypto/Random.

This risks making python-ssh unusable on systems where /dev/random is
not able to deliver substantial amounts of data.

As far as I can tell, the code in python-crypto that python-ssh uses
reads from /dev/urandom as well.
_______________________________________________
epel-devel mailing list
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
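The trade-off argued above (a blocking entropy device can stall a library on starved hosts, while /dev/urandom never blocks) can be made concrete. The following is an added example, not code from python-ssh or from anyone in this thread; it assumes a Linux-style `/dev/random` at the given path and a hypothetical per-read `timeout`, and it falls back to `os.urandom` for whatever the device does not deliver in time.

```python
import os
import select


def get_random_bytes(nbytes, device="/dev/random", timeout=0.5):
    """Return (data, source): nbytes of random data plus a label for where they came from.

    The blocking device is tried first, but the call never waits more than
    `timeout` seconds for any single read. Whatever is still missing is taken
    from os.urandom (the non-blocking pool discussed in the thread), so the
    caller never hangs on an entropy-starved host.
    """
    chunks = []
    got = 0
    try:
        fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        fd = None  # device absent (e.g. non-Unix host): use os.urandom only
    if fd is not None:
        try:
            while got < nbytes:
                readable, _, _ = select.select([fd], [], [], timeout)
                if not readable:
                    break  # nothing available: a blocking read would stall here
                try:
                    chunk = os.read(fd, nbytes - got)
                except BlockingIOError:
                    break
                if not chunk:
                    break
                chunks.append(chunk)
                got += len(chunk)
        finally:
            os.close(fd)
    if got < nbytes:
        chunks.append(os.urandom(nbytes - got))
        source = "urandom" if got == 0 else "mixed"
    else:
        source = device
    return b"".join(chunks), source


if __name__ == "__main__":
    data, source = get_random_bytes(32)
    print(len(data), "bytes from", source)
```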