Yes. Compared to /dev/random the /dev/urandom is actually a "program" with certain predictability. /dev/random collects its values from real randomness, at least better than urandom. Look at the "man urandom": The random number generator gathers environmental noise from device drivers and other sources into an entropy pool.... A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. But actually how weak a feature this is depends on the practical results achieved from the attacks. This may of course depend on the WILL, TIME, and SOFTWARE in use. All cryptography have weaknesses, but it takes time to get hold of them, - like it took time to crack the algoritm of simple DES. But in the end they got it. ------------------------------------------------------------------------------------------------ Heia Fedje! ------------------------------------------------------------------------------------------------ > ----- Original Message ----- > From: "Heinz Diehl" <htd@xxxxxxxxxxxxxxxxx> > To: dm-crypt@xxxxxxxx > Subject: Re: Entropy available for luksFormat during GNU/Linux installs > Date: Sun, 24 Jan 2010 15:02:05 +0100 > > > On 24.01.2010, Arno Wagner wrote: > > > "As a general rule, /dev/urandom should be used for > > everything except long-lived GPG/SSL/SSH keys." > > ^^^^^^ > > Why? > > Is the output of urandom somehow more predictable than random? > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 9 at http://www.opera.com Powered by Outblaze _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
