Gisle Sælensminde wrote: > Some people argue that a periodically reseeded cryptographic-quality > random number generator is as secure as a true random number generator for > all practical purposes. [snip] > I personally can't think of any realistic scenario where /dev/random would > make you safe while /dev/urandom would make you sorry. No problem if cryptographic-quality random number generator is reseeded using high quality entropy. But saving/reseeding PRNG using a plaintext file as most distros seem to do at shutdown and boot does not count as secure. /dev/urandom state may be predictable for some time after boot. /dev/random at least waits for new entropy before handing out random bits, and avoids that predictable state pitfall. Do most distros attempt to overwrite /var/lib/urandom/random-seed or whatever after it has been used to reseed /dev/urandom? Does any distro attempt to overwrite that file? For the record, loop-AES versions of mount/losetup/swapon that set up random key loop devices, use /dev/urandom. But they also attempt to work-around possibly predictable boot-time /dev/urandom bits. The work-around is basically random-seed save/restore (to backing device) but with 20 overwrites of saved-state after it has been used to create new encryption keys. See source for more details. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
