On Mon, 28 Sep 2009, wes wrote:

> Date: Mon, 28 Sep 2009 13:59:20 -0700
> From: wes <[email protected]>
> Reply-To: "General Linux/UNIX discussion and help;    civil and on-topic"
>     <[email protected]>
> To: "General Linux/UNIX discussion and help,  civil and on-topic"
>     <[email protected]>
> Subject: Re: [PLUG] rngd
> 
>>
>> I don't know if I buy the claim that /dev/urandom will never run dry.
>> It might not block if it does.  But there is only one entropy pool,
>> which is shared by /dev/urandom and /dev/random.  /dev/random will
>> block.  This means that using /dev/urandom to excess can cause
>> blocking indirectly via /dev/random.
>>
>
> From my friend that is knowledgeable on such matters:
>
> Linux collects randomness from interrupt timings, etc.  It
> keeps an estimate of how much entropy it has in its pool of randomness,
> and when it doesn't feel that it has enough randomness it won't emit
> data from /dev/random.  It waits for more interrupts, etc.  Or it pokes
> the hardware RNG if you have one.
>
> /dev/urandom acts like /dev/random until the entropy pool
> is exhausted, then it reverts to a Mersenne twister or some classical
> pseudo-random number generator, which will theoretically 'start over'
> in a few thousand years.  Except that more entropy will be available
> before then, which would make the period even longer.
>
> -wes

Yes, that's the part I was forgetting.  That's how /dev/urandom can
avoid blocking even if there is no more entropy.  But falling back on
a pseudo-random generator is not good enough.  The reason I am using
/dev/urandom is because I have witnessed other generators repeat
themselves.  If someone were to get a sessionid that an administrator
had previously, that could be enough to give elevated privileges in a
webapp.  The seed for the /dev/urandom pseudo-random generator is
saved to a file to survive a reboot.  But what happens if that file
cannot be written to, or the computer crashes suddenly?  You'll get
the same numbers all over again at next reboot.

You mentioned hardware RNGs, but now could you please tell me a good
one to use with Linux?  That is what I need.  I like facts and trivia,
and I'll gladly receive more, but please include the name of a
commercially available card.  I changed the subject of this thread to
draw more attention to this urgent need.

Carlos
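
Added example, not part of the original messages: a Python script that reads the kernel's entropy estimate described in the quoted reply and checks whether the kernel currently has a hardware RNG selected and exposed as /dev/hwrng. The function names, the `root` parameter and the 256-bit `low_water` threshold are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Report the kernel's entropy estimate and the hardware RNGs it can see."""
import os

def _read(path):
    """Return a file's stripped contents, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def rng_status(root="/"):
    """Gather RNG state from procfs/sysfs under root (overridable for testing)."""
    rand = os.path.join(root, "proc/sys/kernel/random")
    hwrng = os.path.join(root, "sys/class/misc/hw_random")
    avail = _read(os.path.join(rand, "entropy_avail"))
    current = _read(os.path.join(hwrng, "rng_current"))
    return {
        "entropy_avail": int(avail) if avail and avail.isdigit() else None,
        "hw_available": (_read(os.path.join(hwrng, "rng_available")) or "").split(),
        # The kernel reports "none" when no hardware RNG is selected.
        "hw_current": current if current not in (None, "", "none") else None,
        "hwrng_device": os.path.exists(os.path.join(root, "dev/hwrng")),
    }

def assess(status, low_water=256):
    """Return findings; low_water (bits) is an assumed, site-specific threshold."""
    findings = []
    avail = status["entropy_avail"]
    if avail is None:
        findings.append("entropy_avail unreadable: not Linux or /proc not mounted")
    elif avail < low_water:
        findings.append(f"entropy estimate low: {avail} bits (threshold {low_water})")
    if not status["hw_available"]:
        findings.append("kernel lists no hardware RNG driver")
    elif status["hw_current"] is None:
        findings.append("hardware RNG driver present but none selected")
    elif not status["hwrng_device"]:
        findings.append("hardware RNG selected but /dev/hwrng is missing")
    return findings

if __name__ == "__main__":
    state = rng_status()
    print(state)
    for line in assess(state) or ["no findings"]:
        print("-", line)
```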