admin at buddhalinux.org
Sat Oct 8 02:00:47 CEST 2005
markus reichelt wrote:
> * Thomas Jones <admin at buddhalinux.org> wrote:
>>> on a sidenote, using /dev/urandom is a bad idea. f.e. the standard
>>> slackware install and other distros as well have the following code
>>> (or something similar) in /etc/rc.d/rc.S:
>> The above statement, although worthwhile, is not well founded. I
>> think it would be better to restate that randomization through
>> utilization of SOME pseudo-random generators is not recommended. Or
>> maybe even that some are more recommended than others.
> The thing is that re-using pseudo-random data after each reboot and
> calling that improvement of randomness is ... quite amusing at best
> to me. It's not that it's about the quality of randomness, it's the
> plain and simple fact that pseudo-random data (of whatever quality)
> is reused and that should not happen when it comes to crypto stuff.
> Don't know how well founded you need that, but I'm listening :)
The use of PRNG-generated data to seed another PRNG function is utilized
to compute data that is inherently random from the previous generation.
Now this is not to say that it is truly random. Only that it is
"sufficiently" random to provide for security of a particular resource.
For instance, there are entities such as cryptographically secure
PRNGs, also known as CSPRNGs. A few instances of these entities are block
ciphers such as 3DES, AES, and the IDEA algorithms in CBC mode of operation.
Surely, you are not stating that the above are not cryptographically
secure even though they utilize PRNG seeds? ;)
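The point the thread is circling (a saved seed restored at every boot versus a generator that is reseeded with fresh input) can be made concrete with a small deterministic generator. The following is an added example, not code from either poster or from any distribution's rc.S; it uses an HMAC-SHA-256 construction in the style of HMAC_DRBG rather than a block cipher in CBC mode, and the class `HmacDrbg`, the functions `boot_and_generate`, `seed_reuse_is_detectable`, `fresh_entropy_breaks_repetition` and `rotate_seed_file`, and the constant `SAVED_SEED` are all names chosen here. `SAVED_SEED` is a constructed stand-in for the seed file a boot script would read back.

```python
import hashlib
import hmac


class HmacDrbg:
    """Minimal deterministic generator in the style of HMAC_DRBG (SHA-256).

    Added for illustration; it is not the generator any of the posters or
    any distribution uses. Same seed in, same byte stream out: that is the
    property that makes seed reuse across reboots a problem.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes = b"") -> None:
        # HMAC_DRBG-style state update; mixes `data` (if any) into the state.
        self.key = hmac.new(self.key, self.v + b"\x00" + data, hashlib.sha256).digest()
        self.v = hmac.new(self.key, self.v, hashlib.sha256).digest()
        if data:
            self.key = hmac.new(self.key, self.v + b"\x01" + data, hashlib.sha256).digest()
            self.v = hmac.new(self.key, self.v, hashlib.sha256).digest()

    def reseed(self, fresh: bytes) -> None:
        """Mix fresh input (e.g. entropy gathered after boot) into the state."""
        self._update(fresh)

    def generate(self, n: int) -> bytes:
        """Return n pseudo-random bytes and advance the state."""
        out = b""
        while len(out) < n:
            self.v = hmac.new(self.key, self.v, hashlib.sha256).digest()
            out += self.v
        self._update()
        return out[:n]


# Constructed stand-in for the contents of a seed file written at shutdown.
SAVED_SEED = bytes(range(32))


def boot_and_generate(saved_seed: bytes, fresh_entropy: bytes = b"", n: int = 16) -> bytes:
    """Model one boot: restore the saved seed, optionally mix in fresh
    entropy, then hand out the first n bytes to whoever asks first."""
    rng = HmacDrbg(saved_seed)
    if fresh_entropy:
        rng.reseed(fresh_entropy)
    return rng.generate(n)


def seed_reuse_is_detectable() -> bool:
    """Two boots that restore the same seed and add nothing fresh produce
    byte-for-byte identical output: the reuse Markus objects to."""
    return boot_and_generate(SAVED_SEED) == boot_and_generate(SAVED_SEED)


def fresh_entropy_breaks_repetition() -> bool:
    """Mixing in per-boot fresh input (constructed here) gives distinct streams."""
    return boot_and_generate(SAVED_SEED, b"boot-1 fresh input") != boot_and_generate(
        SAVED_SEED, b"boot-2 fresh input"
    )


def rotate_seed_file(saved_seed: bytes) -> bytes:
    """Model the usual mitigation: immediately after restoring the seed,
    generate a replacement and write it back (returned here) before serving
    any other request, so the same seed file is never consumed twice.
    Note that without fresh entropy this rotation is itself deterministic:
    anyone holding the old seed file can compute every later one."""
    rng = HmacDrbg(saved_seed)
    return rng.generate(32)


if __name__ == "__main__":
    print("same seed, no fresh input, identical output:", seed_reuse_is_detectable())
    print("fresh input per boot, distinct output:     ", fresh_entropy_breaks_repetition())
    print("rotated seed differs from saved seed:       ", rotate_seed_file(SAVED_SEED) != SAVED_SEED)
```

The two checks separate the two concerns in the thread: `seed_reuse_is_detectable` shows that restoring an unchanged seed file replays the same stream regardless of how good the generator is, while `rotate_seed_file` shows that overwriting the seed file right after reading it prevents the replay but does not, on its own, add any entropy the previous boot did not already have.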