passwdgen

Tomasz Grobelny tomasz at grobelny.oswiecenia.net
Sat Aug 6 19:57:37 CEST 2005 

Dnia sobota 06 sierpnia 2005 19:26, Michal Moskal napisał:
> On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> > Dnia sobota 06 sierpnia 2005 18:49, Michal Moskal napisał:
> > > On 8/6/05, Tomasz Grobelny <tomasz at grobelny.oswiecenia.net> wrote:
> > > > 1. How secure is /dev/urandom? Is is closer to /dev/random or to
> > > > rand()?
> > >
> > > It's far closer to /dev/random.
> > >
> > > In the second paragraph I explained it -- /dev/urandom is the same as
> > > /dev/random except it doesn't enforce that you read only as much as
> > > you (well, the kernel) write to it. So if it lacks new random data, it
> > > will generate it based on what's in the pool.
> >
> > So it is hard enough to predict data that was read from /dev/urandom in
> > the past?
>
> I would say so. But maybe I'm not paranoid ENOUGH.
>
Other opinions?

> > If so, maybe a patch for passwdgen to use /dev/urandom should be
> > created?
>
> Maybe a flag?
>
System wide? Or command line switch?

> > > > 3. If /dev/urandom is supposed to be less secure but it is secure
> > > > enough (in current kernel implementation) should passwdgen use it?
> > > > Yes, because it works. No, because it could be insecure if kernel
> > > > behaviour changes. Other opinions?
> > >
> > > It cannot change to be less secure. It's part of the kernel API.
> >
> > Does the API define how data coming from /dev/urandom is generated?
>
> man urandom:
>
>        When  read,  /dev/urandom  device  will  return  as  many  bytes as
> are requested.  As a result, if there is  not  sufficient  entropy  in  the
> entropy  pool,  the  returned  values are theoretically vulnerable to a
> cryptographic attack on the algorithms used by the  driver.   Knowledge of
> how to do this is not available in the current non-classified liter- ature,
> but it is theoretically possible that such an attack may  exist. If this is
> a concern in your application, use /dev/random instead.
But it doesn't say how data is generated. It just says that in some 
circumstances it may be of lower security. But still we don't know how often 
it can happen, how much lower the security will be and so on. It is up to 
implementation, not API.
Another question is: does /dev/random have to be so slow? Are any patches 
applied to it's code in PLD kernel that could slow it down? It's just I don't 
believe that author of passwdgen wrote a program that needs hours to produce 
a 10 character password on average system...
-- 
Regards,
Tomasz Grobelny

More information about the pld-devel-en mailing list