[Info-vax] Linux random number devices, was: Re: SSH/SCP sessions hanging for 7 minutes while reading from "/dev/random"
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Oct 1 09:03:43 EDT 2021
On 2021-09-30, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2021-09-30 18:11:18 +0000, Simon Clubley said:
>
>> On 2021-09-30, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>>
>>> Within recent Linux kernel versions, /dev/random and /dev/urandom are
>>> the same underneath, neither will block post-initialization, and both
>>> will produce the same CPRNG values.
>>>
>>
>> On the face of it, that change would seem to be a bad idea.
>>
>> For some applications, it might be more important for them to actually
>> block until sufficient high-quality values are available.
>>
>> Do you know the reason for the change?
>
> Once properly seeded, chacha20 or another recent stream cipher can
> produce as much CPRNG data as might be needed.
>
Hmmm, I see what they have done. Thanks Stephen.
I'm not convinced that it's actually a good idea.
Let's just hope someone doesn't come up with viable attacks against it.
I hope they at least do reseeding on a regular basis.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.