On 2016-06-21 03:32, Stephan Mueller wrote:
> On Tuesday, 21 June 2016, 09:12:07 Nikos Mavrogiannopoulos wrote:
> Hi Nikos,
>> On Mon, Jun 20, 2016 at 5:43 PM, Stephan Mueller <smueller@xxxxxxxxxx>
>> wrote:
>>>> Personally, I don't really use /dev/random, nor would I recommend it
>>>> for most application programmers. At this point, getrandom(2) really
>>>> is the preferred interface unless you have some very specialized
>>>> needs.
>>> I fully agree. But there are use cases for /dev/random, notably as a seed
>>> source for other DRNG.
>> Is that really the case? I believe all DRNGs use /dev/urandom anyway
>> for seeding since they cannot afford indeterminate blocking. It would
>> be a gain for everyone if /dev/random was the same as /dev/urandom in
>> Linux.
> For standard approaches, this is true. But there are regulations, notably in
> the German realm, that /dev/random shall be used, at least partially (see AIS
> 20/31).
Which just goes to show how utterly stupid some people who write laws
and regulations are. Saying specifically that '/dev/random shall be
used' does not enforce any improvement of entropic value in the data at
all, it just coincidentally improves the theoretical quality of the data
because of how Linux and some legacy UNIX systems are designed. This
'regulation' already provides zero benefit other than a placebo effect
on at least OpenBSD, FreeBSD, and I'm pretty certain most other BSD
derivatives, as /dev/random and /dev/urandom point to the same thing
there (on OpenBSD it's an arcfour-based DRBG, FreeBSD does similar but
uses a CSPRNG called Fortuna), and while I'm not certain, I believe AIX
does likewise (although they use a design based on Yarrow).
On top of that though, just because some poorly thought out standard
requires its usage doesn't mean we have to work based on that.
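The getrandom(2) usage the thread recommends over reading /dev/random, as an added example that is not part of any message in this thread: a small C wrapper that draws seed material for a DRNG through the syscall, retrying on EINTR and short reads, and using GRND_NONBLOCK so an application that is started before the pool is initialised learns that (EAGAIN) instead of stalling. The function names fill_random and draws_differ are assumptions made for this example; the flags GRND_RANDOM and GRND_NONBLOCK are the real ones from <sys/random.h> (glibc 2.25 or later on Linux).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>

/* Fill buf[0..len) from getrandom(2), retrying on EINTR and on short
 * reads.  Returns 0 on success, -1 on a hard failure with errno set.
 *
 * flags == 0      : urandom pool; blocks only until the kernel has seeded
 *                   it once after boot, then never again (the behaviour
 *                   DRNG seeding needs).
 * GRND_RANDOM     : the /dev/random pool; may block for an unbounded time
 *                   when the kernel's entropy estimate is low.
 * GRND_NONBLOCK   : fail with EAGAIN instead of waiting in either case.
 * (fill_random is an example name, not a library API.) */
int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted by a signal handler: retry */
            return -1;         /* EAGAIN (nonblocking), ENOSYS, EFAULT, ... */
        }
        got += (size_t)n;      /* the kernel may hand back fewer bytes than asked */
    }
    return 0;
}

/* Sanity check on the seed source: two independent 32-byte draws must
 * differ (they collide with probability 2^-256).  Returns 1 when they
 * differ, 0 when they are identical, -1 if getrandom(2) failed. */
int draws_differ(void)
{
    unsigned char a[32], b[32];
    if (fill_random(a, sizeof a, 0) != 0 || fill_random(b, sizeof b, 0) != 0)
        return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned char seed[32];

    /* Ask for DRNG seed material without ever blocking: if the pool is
     * not initialised yet (early boot), refuse to seed rather than wait. */
    if (fill_random(seed, sizeof seed, GRND_NONBLOCK) != 0) {
        if (errno == EAGAIN)
            fprintf(stderr, "entropy pool not yet initialised; not seeding the DRNG\n");
        else
            perror("getrandom");
        return 1;
    }
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    putchar('\n');
    return 0;
}
```

The loop matters because getrandom(2) is allowed to return fewer bytes than requested (for requests above 256 bytes, or when interrupted) and because a signal can interrupt a blocking call; a wrapper that treats one short return as success would seed a DRNG with partly uninitialised memory.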
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html