From owner-freebsd-security@FreeBSD.ORG Fri Jul 18 18:28:22 2014
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Leif Pedersen
Cc: freebsd-security@freebsd.org, Steven Chamberlain
Subject: Re: Speed and security of /dev/urandom
Date: Fri, 18 Jul 2014 11:28:18 -0700
References: <53C85F42.1000704@pyro.eu.org> <4E23BEEA-693A-4FA3-BE94-9BB82B49503A@vpnc.org>
List-Id: "Security issues [members-only posting]"

On Jul 18, 2014, at 11:19 AM, Leif Pedersen wrote:

> The extra readers interrupt the position of the stream, so that it is
> harder to predict the next value. This only works if one instance of the
> PRNG is shared by multiple readers, rather than each reader operating in
> isolation.

If there was a non-zero chance that an attacker could predict the next
value, your PRNG was already broken. Two of the fundamental properties
of a working PRNG are that if an attacker sees any number of outputs from
the PRNG, the attacker cannot compute any previous values and the
attacker cannot predict any future values.

--Paul Hoffman
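Added example, not part of Paul Hoffman's message or of any FreeBSD code: a small script that makes the point above concrete. The "broken" generator is a textbook linear congruential generator (glibc TYPE_0 constants, used here purely as a stand-in for any PRNG whose output leaks its state; it does not model /dev/urandom). Because one observed output is the whole state, an attacker can step the recurrence forwards and backwards at will, and other readers pulling values from the shared instance only change how many steps the attacker has to take (a search of at most log2(N+1) bits for N hidden reads). The HashRatchet class is an illustrative forward-secure construction, not any real DRBG, included only to show what a generator without that weakness looks like: state and outputs are related by one-way functions, so there is nothing to invert.

```python
"""Added example (not from the thread): why extra readers on a shared
generator do not rescue a predictable PRNG.

The "broken" generator is a textbook linear congruential generator with
glibc TYPE_0 constants, chosen here only as a stand-in for any PRNG whose
output leaks its state; nothing below models FreeBSD's /dev/urandom.
"""
import hashlib

A, C, M = 1103515245, 12345, 2 ** 31
A_INV = pow(A, -1, M)  # A is odd, hence invertible modulo a power of two


class LCG:
    """Predictable PRNG: the output *is* the state."""

    def __init__(self, seed: int) -> None:
        self.state = seed % M

    def next(self) -> int:
        self.state = (A * self.state + C) % M
        return self.state


def step_forward(output: int, steps: int = 1) -> int:
    """Attacker: predict the value `steps` outputs after an observed one."""
    x = output
    for _ in range(steps):
        x = (A * x + C) % M
    return x


def step_backward(output: int, steps: int = 1) -> int:
    """Attacker: recover the value `steps` outputs before an observed one."""
    x = output
    for _ in range(steps):
        x = (A_INV * (x - C)) % M
    return x


def candidates_after_interference(observed: int, max_hidden: int) -> list:
    """Every value the victim's next read could return if up to `max_hidden`
    other readers pulled from the shared generator in between.  Interference
    costs the attacker at most log2(max_hidden + 1) bits of search, not
    unpredictability."""
    return [step_forward(observed, k + 1) for k in range(max_hidden + 1)]


def simulate_shared_generator(seed: int, hidden_reads: int):
    """Victim reads once, `hidden_reads` other consumers read, victim reads
    again.  Returns (value the attacker saw, value the victim got next)."""
    gen = LCG(seed)
    seen = gen.next()
    for _ in range(hidden_reads):
        gen.next()  # other readers on the same generator instance
    return seen, gen.next()


class HashRatchet:
    """Contrast: a toy forward-secure generator (illustrative construction,
    not any real DRBG).  State advances through SHA-256 and outputs are
    derived by a second one-way call, so an observed output gives the
    attacker nothing to step forwards or backwards from short of a
    SHA-256 preimage."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def next(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        # Overwrite the state one-way: the previous state cannot be recomputed.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out
```

Usage: `seen, actual = simulate_shared_generator(42, 3)` followed by `step_forward(seen, 4) == actual` shows that three hidden reads between the victim's two reads change nothing for the attacker, and `step_backward(actual, 4) == seen` shows the same generator also fails the "cannot compute previous values" property. Both attacks exist because the LCG exposes its state; neither has an analogue against the ratchet, whose security rests on SHA-256 preimage resistance rather than on who else happens to be reading.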