passwdgen

Michal Moskal michal.moskal at gmail.com
Sat Aug 6 19:26:12 CEST 2005


On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> On Saturday 06 August 2005 18:49, Michal Moskal wrote:
> > On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> > > 1. How secure is /dev/urandom? Is it closer to /dev/random or to rand()?
> >
> > It's far closer to /dev/random.
> >
> > In the second paragraph I explained it -- /dev/urandom is the same as
> > /dev/random except it doesn't enforce that you read only as much as
> > you (well, the kernel) write to it. So if it lacks new random data, it
> > will generate it based on what's in the pool.
> >
> So it is hard enough to predict data that was read from /dev/urandom in the
> past? 

I would say so. But maybe I'm not paranoid ENOUGH.

> If so, maybe a patch for passwdgen to use /dev/urandom should be
> created?

Maybe a flag?

> > > 3. If /dev/urandom is supposed to be less secure but it is secure enough
> > > (in current kernel implementation) should passwdgen use it? Yes, because
> > > it works. No, because it could be insecure if kernel behaviour changes.
> > > Other opinions?
> >
> > It cannot change to be less secure. It's part of the kernel API.
> Does the API define how data coming from /dev/urandom is generated?

man urandom:

       When  read,  /dev/urandom  device  will  return  as  many  bytes as are
       requested.  As a result, if there is  not  sufficient  entropy  in  the
       entropy  pool,  the  returned  values are theoretically vulnerable to a
       cryptographic attack on the algorithms used by the  driver.   Knowledge
       of how to do this is not available in the current non-classified liter-
       ature, but it is theoretically possible that such an attack may  exist.
       If this is a concern in your application, use /dev/random instead.

-- 
   Michal Moskal,
   http://nemerle.org/~malekith/
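
The flag suggested in the message above could look like this in C. This is an added example, not part of the original post and not passwdgen's actual code: the caller chooses /dev/urandom or /dev/random by path, short reads are handled, and rejection sampling (which goes beyond what the thread discusses) avoids modulo bias. The name gen_password, the alphabet and the device parameter are assumptions.

```c
/* Added illustration, not passwdgen's code: gen_password() and its device
 * argument (standing in for the proposed flag) are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Read exactly n bytes; /dev/random can return short reads or EINTR. */
static int read_full(int fd, unsigned char *buf, size_t n)
{
    while (n > 0) {
        ssize_t r = read(fd, buf, n);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0)
            return -1;
        buf += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Write len random ALPHABET characters plus NUL into out (len + 1 bytes).
 * Returns 0 on success; on failure returns -1 and leaves out zeroed. */
int gen_password(const char *device, char *out, size_t len)
{
    const size_t n = sizeof(ALPHABET) - 1;            /* 62 symbols */
    const unsigned limit = 256 - (unsigned)(256 % n); /* 248 */
    unsigned char b;
    size_t i = 0;
    int fd = open(device, O_RDONLY);

    memset(out, 0, len + 1);
    if (fd < 0)
        return -1;
    while (i < len && read_full(fd, &b, 1) == 0) {
        if (b < limit)               /* reject 248..255: no modulo bias */
            out[i++] = ALPHABET[b % n];
    }
    close(fd);
    if (i == len)
        return 0;
    memset(out, 0, len + 1);
    return -1;
}
```

Passing "/dev/random" instead of "/dev/urandom" as the device gives the blocking behaviour the man page excerpt recommends for applications concerned about insufficient entropy.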

