On Sun, Jan 24, 2010 at 03:02:05PM +0100, Heinz Diehl wrote:
> On 24.01.2010, Arno Wagner wrote:
>
> > "As a general rule, /dev/urandom should be used for everything
> > except long-lived GPG/SSL/SSH keys."
> > ^^^^^^
>
> Why?
>
> Is the output of urandom somehow more predictable than random?

In a low environmental entropy situation for a newly installed
system, it is. For example it will give you a 512 bit key, even if it
has only gathered 32 bits of entropy. The attacker then needs to try
all 512 bit keys generated with the possible different 32 bit
initializations to find the key. It is not an attack that really
matters when there is a user at the keyboard, and a mouse in use.
Think of fully automated installation with no user interaction on a
very simple system not connected to the network.

/dev/random will, in contrast, make you wait until it has gathered
significantly more entropy than the 512 bits before giving you the key.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
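An added illustration of the point Arno makes above (not code from the thread): a toy SHA-512 expander stands in for the kernel CSPRNG's output stage and always hands back a full-length key, so the number of distinct keys is bounded by the seed entropy, not the key length; the `needs_blocking_source` rule and the `/proc/sys/kernel/random/entropy_avail` parsing model the 2010-era behaviour the post describes, and all sample inputs are constructed.

```python
import hashlib
import itertools

KEY_BITS = 512

def expand_seed(seed: bytes, key_bits: int = KEY_BITS) -> bytes:
    """Toy stand-in for the CSPRNG output stage: SHA-512 in counter mode
    stretches whatever seed it is given to key_bits of output. The output is
    always full length, however little entropy the seed actually holds."""
    out = b""
    for counter in itertools.count():
        out += hashlib.sha512(seed + counter.to_bytes(4, "big")).digest()
        if len(out) * 8 >= key_bits:
            return out[: key_bits // 8]

def distinct_keys_for_seed_bits(seed_bits: int, key_bits: int = KEY_BITS) -> int:
    """Enumerate every seed of seed_bits bits and count the distinct keys the
    expander can produce: at most 2**seed_bits, regardless of key length.
    (Only practical for small seed_bits; 2**32 is the post's real-world case.)"""
    n_bytes = (seed_bits + 7) // 8
    keys = {expand_seed(s.to_bytes(n_bytes, "big"), key_bits)
            for s in range(2 ** seed_bits)}
    return len(keys)

def effective_strength_bits(seed_entropy_bits: int, key_bits: int = KEY_BITS) -> int:
    """A key is never stronger than the entropy that went into it."""
    return min(seed_entropy_bits, key_bits)

def parse_entropy_avail(proc_text: str) -> int:
    """Parse the contents of /proc/sys/kernel/random/entropy_avail: a single
    integer, the kernel's estimate of gathered entropy in bits."""
    return int(proc_text.strip())

def needs_blocking_source(entropy_avail: int, key_bits: int = KEY_BITS) -> bool:
    """Decision rule from the post for a long-lived key: if the pool holds less
    than the key length, use the blocking /dev/random (i.e. wait for entropy)
    rather than let /dev/urandom expand a tiny seed space into a long key."""
    return entropy_avail < key_bits

if __name__ == "__main__":
    # Constructed first-boot scenario: 8 bits of entropy gathered, yet every
    # key the expander emits is 512 bits long and only 256 keys are possible.
    key = expand_seed((0x2A).to_bytes(1, "big"))
    print(len(key) * 8, "bit key from an 8-bit seed")
    print(distinct_keys_for_seed_bits(8), "distinct keys possible")
    print(effective_strength_bits(32), "bits effective strength for a 32-bit seed")
    sample = "3712\n"  # constructed entropy_avail contents
    print("use /dev/random:", needs_blocking_source(parse_entropy_avail(sample)))
```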