lua-users home
lua-l archive



* David Given:

> On 17/01/10 19:27, Florian Weimer wrote:
> [...]
>>> /dev/urandom is a variant of /dev/random that, when the entropy pool is
>>> empty, will return fake random numbers generated with a PRNG. As such it
>>> is not suitable for crypto purposes.
>> 
>> This is not true; the data is perfectly usable for almost any purpose
>> (unless there are bugs or breathtaking advancements in the open crypto
>> literature).
>
> Hey, I'm just paraphrasing the man page:

The manpage is somewhat misleading.

> I'll agree that the chance of anybody successfully exploiting
> /dev/urandom's lack-of-randomness is so close to nil as not to be worth
> worrying about, but when dealing with cryptography one always equates
> 'theoretically possible' to 'danger, Will Robinson!'.

IIRC, there have been issues due to insufficient seeding, but they
also affected /dev/random.

> reading numbers directly from /dev/random. This had the entertaining
> result that some games would run for five seconds and then lock up until
> you touched the mouse.

Heh, that must have been a while ago.  I think the entropy estimates
for mouse movements have since been corrected, decreasing them
significantly.