Brian Henning wrote:
I was about to reply along this line earlier today, before I googled
"urandom"... Assuming it works similarly on all *nix systems (which, I
realize, could be a big assumption), both urandom and random pull from the
entropy pool; the only difference being that random blocks when it runs out,
whereas urandom forges ahead with a pseudo-random generator. At least,
that's how I interpreted what I read.
That's essentially the meat of it. Both random and urandom use entropy
when they have it, but random will block until it gets more, once it
runs out, urandom will continue with the last bit of random it had as a
seed, which works reasonably well, but isn't as secure. The real
problem comes when something else that wants to be secure decides to
read from /dev/random, it will block until it gets sufficient entropy to
continue. I haven't tested for sure, but at the least it's going to
cause some unnecessary delay for that process if you've run the system
out of random data (until more can be acquired). At the worst, it may
continually deplete the random pool via urandom so fast that random
never gets a sufficiently large chunk to return it to the blocked
process (not likely, but possible).
Aaron S. Joyner
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
