Re: strengthening /dev/urandom

From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 08/20/04


Date: Thu, 19 Aug 2004 22:22:12 GMT

William Ahern wrote:

> Jean-Luc Cooke <jlcooke@engsoc.org> wrote:
>> Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
>> > If that task cannot be fulfilled in principle, then
>> > one should throw away /dev/urandom. Now the user is
>> > left with using PRNGs. But why do you think that a
>> > particular PRNG is so good that you could recommend
>> > to all users? (Should everyone accept your authoritative
>> > opinion?)
>
>> Absolutely not. David Wagner in this monster-thread recommended it as
>> well. And deeper googling will tell you the same: Fortuna is the
>> state-of-the-art as far as PRNGs go today.
>
> Nobody is doubting that Fortuna is strong. The point is that /dev/random
> shouldn't be a PRNG. On my machine it's effectively an RNG since I have a
> hardware random number generator (and if the implementation of providing
> the real randomness provided by my hardware is broken, it should be fixed;
> Fortuna shouldn't be simply dropped in as a stop-gap measure). If you make
> /dev/random a PRNG using Fortuna, how exactly do I access my hardware RNG?

As I understand the code, /dev/random isn't an RNG. True RNG support is
provided by other /dev/<name> virtual files. /dev/random is just a PRNG
which *happens to* block when it *guesses* it lacks the entropy required.
The actual output of /dev/random is not the input verbatim. It's the
output of SHA-1 folded in half. The input to SHA-1 is the LFSR pool after
mixing in the actual random data.

That isn't an RNG.

Nothing is stopping you from dd'ing your true RNG device into Fortuna [or
simply using your device itself if you don't need any speed] to get some
quality entropy in the mix.
 
<snip>

Tom
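A small Python model of the extraction step described above, added here as an illustration rather than code from the thread or from the kernel: SHA-1 over the pool, digest folded in half, digest fed back into the pool. The pool mixing routine and the pool size are simplified stand-ins (assumptions), not the driver's actual LFSR tap schedule.

```python
import hashlib

# Constructed pool size for this model; the real input pool layout and its
# twisted-GFSR mixing are not reproduced here.
POOL_BYTES = 512


def mix_in(pool: bytearray, data: bytes, cursor: int = 0) -> int:
    """XOR `data` into the pool starting at `cursor`; return the new cursor.
    Hypothetical stand-in for the driver's LFSR mixing, kept deliberately
    simple so the hashing and folding step stays the focus."""
    for b in data:
        pool[cursor] ^= b
        cursor = (cursor + 1) % len(pool)
    return cursor


def fold(digest: bytes) -> bytes:
    """Fold a digest in half: XOR the first half with the second half."""
    half = len(digest) // 2
    return bytes(a ^ b for a, b in zip(digest[:half], digest[half:]))


def fold_sha1(data: bytes) -> bytes:
    """SHA-1 of `data`, folded to 10 bytes; the output form the post describes."""
    return fold(hashlib.sha1(data).digest())


def extract(pool: bytearray) -> bytes:
    """Produce 10 output bytes from the pool state. The full 20-byte digest is
    mixed back into the pool so consecutive reads from an otherwise unchanged
    pool do not repeat; the caller never sees the pool contents themselves."""
    digest = hashlib.sha1(bytes(pool)).digest()
    mix_in(pool, digest)
    return fold(digest)


if __name__ == "__main__":
    # Constructed "hardware RNG" sample; in practice this would be bytes read
    # from the true RNG device and mixed in, as the post suggests.
    hw_sample = b"constructed hardware sample bytes"
    pool = bytearray(POOL_BYTES)
    mix_in(pool, hw_sample)
    print(extract(pool).hex())
    print(extract(pool).hex())  # differs: the digest was fed back into the pool
```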
