passwdgen

Tomasz Grobelny tomasz at grobelny.oswiecenia.net
Sat Aug 6 19:05:57 CEST 2005


On Saturday 06 August 2005 18:49, Michal Moskal wrote:
> On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> > 1. How secure is /dev/urandom? Is it closer to /dev/random or to rand()?
>
> It's far closer to /dev/random.
>
> In the second paragraph I explained it -- /dev/urandom is the same as
> /dev/random except it doesn't enforce that you read only as much as
> you (well, the kernel) write to it. So if it lacks new random data, it
> will generate it based on what's in the pool.
>
So it is hard enough to predict data that was read from /dev/urandom in the 
past? If so, maybe a patch for passwdgen to use /dev/urandom should be 
created?

> > 3. If /dev/urandom is supposed to be less secure but it is secure enough
> > (in current kernel implementation) should passwdgen use it? Yes, because
> > it works. No, because it could be insecure if kernel behaviour changes.
> > Other opinions?
>
> It cannot change to be less secure. It's part of the kernel API.
Does the API define how data coming from /dev/urandom is generated?
-- 
Regards,
Tomasz Grobelny
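
The idea raised in this thread, a password generator that draws from /dev/urandom, sketched in C as an added example; it is not part of the original message and not passwdgen's own code. The alphabet and the names `read_full` and `gen_password` are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed 62-symbol alphabet for this example. */
static const char ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/* Read exactly len bytes, retrying on EINTR and short reads. */
static int read_full(int fd, unsigned char *buf, size_t len)
{
    for (size_t got = 0; got < len; ) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Write len random alphabet characters plus NUL into out (len + 1 bytes).
 * Returns 0 on success; on -1 the caller must discard out. */
int gen_password(char *out, size_t len)
{
    const size_t nsym = strlen(ALPHABET);
    /* Bytes >= limit are rejected so every symbol is equally likely. */
    const int limit = 256 - (int)(256 % nsym);
    unsigned char pool[64];
    size_t done = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    while (done < len && read_full(fd, pool, sizeof(pool)) == 0)
        for (size_t i = 0; i < sizeof(pool) && done < len; i++)
            if (pool[i] < limit)
                out[done++] = ALPHABET[pool[i] % nsym];
    close(fd);
    out[done] = '\0';
    return done == len ? 0 : -1;
}

int main(void)
{
    char pw[17];
    return gen_password(pw, sizeof(pw) - 1) != 0 || puts(pw) < 0;
}
```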



More information about the pld-devel-en mailing list