Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Jul 2017 09:16:09 -0400
From: Paul Koning <>
Cc: Lee Duncan <>,
 David Miller <>,
 Eric Biggers <>,
 "Nicholas A.Bellinger" <>,
 Greg Kroah-Hartman <>,
 "" <>,
 Ted Ts'o <>,
 Chris Leech <>,
 Linux Crypto Mailing List <>,,
 "Jason A.Donenfeld" <>
Subject: Re: Antw: Re: Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

> On Jul 5, 2017, at 3:08 AM, Ulrich Windl <> wrote:
>>>> Jeffrey Walton <> schrieb am 17.06.2017 um 16:23 in Nachricht
> <>:
> [...]
>> But its not clear to me how to ensure uniqueness when its based on
>> randomness from the generators.
> Even with a perfect random generator non-unique values are possible (that's why it's random). It's unlikely, but it can happen. The question is whether the probability of non-unique values from /dev/urandom is any higher than that for values read from /dev/random. One _might_ be able to predict the values from /dev/urandom.

In the implementations I know, /dev/random and /dev/urandom are the same driver, the only difference is that when you read from /dev/random there's a check for the current entropy level.

If you haven't fed enough entropy yet to the driver since startup, and you read /dev/urandom, you get a value that isn't sufficiently secure.  

If you have a properly constructed RNG, as soon as it's been fed enough entropy it is secure (at least for the next 2^64 bits or so).  The notion of "using up entropy" is not meaningful for a good generator.   See Bruce Schneier's "Yarrow" paper for the details.


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.