Date:      Fri, 18 Jul 2014 16:42:06 -0400 (EDT)
From:      Benjamin Kaduk <kaduk@MIT.EDU>
To:        Andrey Chernov <ache@freebsd.org>
Cc:        freebsd-security@freebsd.org, Steven Chamberlain <steven@pyro.eu.org>
Subject:   Re: Speed and security of /dev/urandom
Message-ID:  <alpine.GSO.1.10.1407181639460.21571@multics.mit.edu>
In-Reply-To: <53C9857D.6000806@freebsd.org>
References:  <53C85F42.1000704@pyro.eu.org> <53C9857D.6000806@freebsd.org>

On Fri, 18 Jul 2014, Andrey Chernov wrote:

> On 18.07.2014 3:41, Steven Chamberlain wrote:
>> Is there a good reason arc4random_buf() can't take bytes directly from
>> /dev/urandom or sysctl KERN_ARND?  Therefore no longer needing to seed
>> first, periodically reseed, or use any stream cipher?
>
> One of the reasons I hear is that true random entropy bits can be quickly
> exhausted if every userland program drains them so much.

Once the DRBG is seeded with a sufficient amount of truly random bits 
("entropy"), its output remains unpredictable essentially indefinitely. 
There is no "loss" or "draining" of entropy from the system over time 
unless the algorithm is lousy.

-Ben
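The point Ben makes above (seed a DRBG once with enough entropy, then draw from it without limit) is easy to see in code. The following is an added example and is not part of the mail or of FreeBSD's arc4random(3): it implements the HMAC_DRBG construction from NIST SP 800-90A with SHA-256, using only the Python standard library. The class and function names (`HmacDrbg`, `draw_after_one_seed`, `state_fingerprint`) are my own. It takes a 256-bit seed from `os.urandom()` exactly once and then produces as many bytes as asked for without another kernel read; the internal key is replaced after every request, so the state after a request does not reveal earlier output.

```python
import hashlib
import hmac
import os

OUT_LEN = hashlib.sha256().digest_size  # 32-byte HMAC output


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A) over HMAC-SHA-256.

    Added illustration, not FreeBSD code: state is a key K and a value V;
    output is a chain of HMAC(K, V) blocks, and K is refreshed after each
    request so earlier output cannot be recovered from a later state dump.
    """

    # SP 800-90A caps one Generate request at 2^19 bits (= 2^16 bytes);
    # larger draws are simply split into several requests.
    MAX_BYTES_PER_REQUEST = 1 << 16

    def __init__(self, entropy: bytes):
        if len(entropy) < 32:
            raise ValueError("seed must carry at least 256 bits of entropy")
        self._k = b"\x00" * OUT_LEN
        self._v = b"\x01" * OUT_LEN
        self._update(entropy)      # Instantiate = Update(seed_material)
        self.bytes_generated = 0   # bookkeeping only; nothing is "used up"

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG Update: fold provided data (possibly empty) into K and V.
        self._k = self._hmac(self._k, self._v + b"\x00" + provided)
        self._v = self._hmac(self._k, self._v)
        if provided:
            self._k = self._hmac(self._k, self._v + b"\x01" + provided)
            self._v = self._hmac(self._k, self._v)

    def reseed(self, entropy: bytes) -> None:
        # Mix in fresh entropy. Useful after a suspected state compromise,
        # not because generating output drains anything.
        self._update(entropy)

    def _generate_request(self, n: int) -> bytes:
        temp = bytearray()
        while len(temp) < n:
            self._v = self._hmac(self._k, self._v)
            temp += self._v
        self._update(b"")          # rekey: backtracking resistance
        self.bytes_generated += n
        return bytes(temp[:n])

    def generate(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self._generate_request(min(n - len(out), self.MAX_BYTES_PER_REQUEST))
        return bytes(out)

    def state_fingerprint(self) -> str:
        # Hash of (K, V) so a caller can observe that the state moved on.
        return hashlib.sha256(self._k + self._v).hexdigest()


def draw_after_one_seed(total: int) -> int:
    """Seed once from the kernel, then draw `total` bytes from the DRBG.

    Returns the number of bytes produced; the kernel is read exactly once
    (32 bytes), no matter how large `total` is.
    """
    drbg = HmacDrbg(os.urandom(32))
    drbg.generate(total)
    return drbg.bytes_generated


if __name__ == "__main__":
    # Four MiB of output from a single 32-byte seed.
    print(draw_after_one_seed(4 << 20))
```

Two properties worth checking against such a generator: the same seed must give the same stream (so the unpredictability rests entirely on the seed), and the state fingerprint must change after every request (so a later compromise of K and V does not expose earlier output). SP 800-90A does set a reseed interval (2^48 requests for HMAC_DRBG) and notes the 2^19-bit per-request cap, but those are conservative spec limits, not evidence that the seed's entropy is consumed by generating output.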