Disk Partition

Thomas Jones admin at buddhalinux.org
Sat Oct 8 02:00:47 CEST 2005


markus reichelt wrote:
> * Thomas Jones <admin at buddhalinux.org> wrote:
>
>>> on a sidenote, using /dev/urandom is a bad idea. f.e. the standard
>>> slackware install and other distros as well have the following code
>>> (or something similar) in /etc/rc.d/rc.S:
>> The above statement, although worthwhile, is not well founded. I
>> think it would be better to restate that randomization through
>> utilization of SOME pseudo-random generators is not recommended. Or
>> maybe even that some are more recommended than others.
>
> The thing is that re-using pseudo-random data after each reboot and
> calling that improvement of randomness is ... quite amusing at best
> to me. It's not that it's about the quality of randomness, it's the
> plain and simple fact that pseudo-random data (of whatever quality)
> is reused and that should not happen when it comes to crypto stuff.
>
> Don't know how well founded you need that, but I'm listening :)
>   
The use of PRNG-generated data to seed another PRNG function is utilized
to compute data that is inherently random from the previous generation.

Now this is not to say that it is truly random. Only that it is 
"sufficiently" random to provide for security of a particular resource.

For instance, there are entities such as the cryptographically secure
PRNG, also known as a CSPRNG. A few instances of these entities are block
ciphers such as 3DES, AES, and the IDEA algorithms in CBC mode of operation.

Surely, you are not stating that the above are not cryptographically
secure even though they utilize PRNG seeds? ;)

Thomas
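
An added illustration of the seed-reuse question debated in this thread, not code from either poster or from Slackware's rc.S: a toy HMAC-SHA256 generator (constructed for this example, not a vetted CSPRNG) is "booted" twice from a saved seed, once replaying the seed file unchanged and once overwriting it before any output is handed out. The names `ToyDRBG`, `boot_replay` and `boot_refresh` and the seed value are hypothetical.

```python
import hashlib
import hmac


class ToyDRBG:
    """Deterministic HMAC-SHA256 counter generator (illustration only)."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(b"toy-drbg-seed" + seed).digest()
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def boot_replay(seed_file: dict) -> bytes:
    """Seed only from the saved file and never rewrite it."""
    return ToyDRBG(seed_file["seed"]).read(16)


def boot_refresh(seed_file: dict, fresh: bytes = b"") -> bytes:
    """Mix the saved seed with any fresh input, then replace the seed
    file before producing output, so no seed is ever used twice."""
    gen = ToyDRBG(seed_file["seed"] + fresh)
    seed_file["seed"] = gen.read(32)
    return gen.read(16)


def demo():
    saved = b"constructed-saved-seed"  # constructed sample value
    replay_file = {"seed": saved}
    refresh_file = {"seed": saved}
    r1, r2 = boot_replay(replay_file), boot_replay(replay_file)
    # Worst case for the refresh path: no fresh input at either boot.
    f1, f2 = boot_refresh(refresh_file), boot_refresh(refresh_file)
    return r1, r2, f1, f2


if __name__ == "__main__":
    r1, r2, f1, f2 = demo()
    print("replay boots identical: ", r1 == r2)
    print("refresh boots identical:", f1 == f2)
```

Rewriting the seed file stops the output from repeating across boots, but with no fresh input the stream is still fully determined by the original saved seed, so the file's confidentiality matters as much as its freshness.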
