Date: Fri, 19 Sep 2003 09:02:37 +0100
From: Mark Murray <markm@freebsd.org>
To: "Devon H. O'Dell" <dodell@sitetronics.com>
Cc: freebsd-security@freebsd.org
Subject: Re: [Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Message-ID: <200309190802.h8J82bfq006549@grimreaper.grondar.org>
In-Reply-To: Your message of "Fri, 19 Sep 2003 03:28:31 +0200." <3F6A5BBF.3020102@sitetronics.com>

"Devon H. O'Dell" writes:
> If I'm not mistaken, /dev/random is a pseudo-random generator, which
> means it has a certain period before it begins to repeat numbers (along
> with that it just isn't truly random). So, please correct me if I'm
> wrong, but doesn't this mean that when reading from /dev/random, you're
> 'losing' randomness/entropy/whatever you're calling it?

You are very mistaken indeed :-).

In FreeBSD-4-*, /dev/random is an "entropy distiller", albeit not a very good one as it is not very conservative. On that system, /dev/urandom is a very complex PRNG, with the added feature of being perturbed by actual entropy.

In FreeBSD-5-* there is no separate /dev/urandom, and /dev/random is driven by Yarrow (http://www.counterpane.com/yarrow/). This is a PRNG+entropy-harvester, and it is _very_ conservative.

As long as _some_ entropy is being harvested, it is unlikely that either generator will produce a repeating sequence _ever_.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
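
An added illustration of the period question raised in this exchange (not part of Mark Murray's message, and not FreeBSD or Yarrow code): a generator with a deliberately tiny 16-bit state must revisit a state within 65,536 outputs, while mixing harvested samples into the state makes the stream depend on input from outside the generator. The class and function names, the SHA-256 construction and the entropy samples are all constructed for this example.

```python
import hashlib

STATE_BYTES = 2  # assumption: tiny on purpose so the period is observable

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ToyGenerator:
    """Deterministic generator with optional reseeding (a model, not Yarrow)."""

    def __init__(self, seed: bytes):
        self.state = _h(b"init" + seed)[:STATE_BYTES]

    def next_byte(self) -> int:
        out = _h(b"out" + self.state)[0]
        self.state = _h(b"step" + self.state)[:STATE_BYTES]
        return out

    def reseed(self, sample: bytes) -> None:
        # Mix a harvested sample into the state: the next state is no longer
        # a function of the current state alone.
        self.state = _h(b"reseed" + self.state + sample)[:STATE_BYTES]

def steps_until_state_repeats(gen: ToyGenerator) -> int:
    """Count outputs until an unperturbed generator revisits a state."""
    seen = set()
    steps = 0
    while gen.state not in seen:
        seen.add(gen.state)
        gen.next_byte()
        steps += 1
    return steps

def stream(seed: bytes, n: int, samples=(), every: int = 8) -> bytes:
    """Return n output bytes, reseeding from `samples` after every `every` outputs."""
    gen = ToyGenerator(seed)
    pending = list(samples)
    out = bytearray()
    for i in range(n):
        out.append(gen.next_byte())
        if pending and (i + 1) % every == 0:
            gen.reseed(pending.pop(0))
    return bytes(out)

if __name__ == "__main__":
    print("state repeats after", steps_until_state_repeats(ToyGenerator(b"seed")), "outputs")
    # Constructed entropy samples; a real harvester collects these from the system.
    print(stream(b"seed", 32, samples=[b"\x01\x9c", b"\x44\x10"]).hex())
    print(stream(b"seed", 32, samples=[b"\xfe\x03", b"\x7a\x55"]).hex())
```

The two printed streams share their first eight bytes and differ after the first reseed, although both generators started from the same seed.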