Date: Sat, 19 Jul 2014 18:24:57 -0400 (EDT) From: Benjamin Kaduk <kaduk@MIT.EDU> To: Steven Chamberlain <steven@pyro.eu.org> Cc: Ben Laurie <benl@freebsd.org>, "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org> Subject: Re: Speed and security of /dev/urandom Message-ID: <alpine.GSO.1.10.1407191822450.21571@multics.mit.edu> In-Reply-To: <53CAEB1E.2020401@pyro.eu.org> References: <53C85F42.1000704@pyro.eu.org> <CAG5KPzxVaTEmDq9F9BFGQGWTGGWKZ7kZhgkPQTZ3c2-iWmcZzw@mail.gmail.com> <53CAEB1E.2020401@pyro.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 19 Jul 2014, Steven Chamberlain wrote: > Or if we're worried about draining entropy too quickly from the CSPRNG, > a non-privileged user could do that anyway from /dev/urandom, or it may > happen when a server doing crypto work is under stress? Can we please disabuse ourselves of the notion that entropy can be "drained too quickly" (or even drained at all) from the CSPRNG? Once properly seeded, it produces unpredictable bits. Period. It does not matter how many bits are output (well, for achievable quantities of output); the bits are still unpredictable. -Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.GSO.1.10.1407191822450.21571>