Re: strengthening /dev/urandom

From: Guy Macon (
Date: 09/01/04

Date: Tue, 31 Aug 2004 15:55:56 -0700

Mok-Kong Shen <> says...

>BTW, for practical purposes I would 'guess' that cases
>where one really 'objectively' needs lots of full (or
>extremely high concentration) entropy are fairly rare.
>Could someone kindly give a few examples where such true
>randomness couldn't be substituted with good pseudo-
>randomness, e.g. AES in CTR? Thanks.

I wouldn't venture to guess. I have been involved with
two crypto projects in my entire life, one of which
involved an OTP. In that case the crypto expert we hired
said that the only justification was that the customer
wanted it and didn't care about the cost - that an
off-he-shelf software-only system would have been fine.


Relevant Pages

  • Re: Extracting random data from static, for /dev/random
    ... it, but that just tests the randomness and throws it away if it fails, ... No, compression will NOT. ... it has low entropy and can therefore be compressed. ... they could crush what ever kind of crypto I'm trying to do ...
  • Re: Fortuna
    ... I certainly agree that information-theoretic security is a stated goal ... >state collisions (therby reducing pool entropy). ... start with any entropy, then information-theoretically secure randomness ... extraction is impossible -- at least in principle. ...
  • Re: Edible One-Time Pad books
    ... ent told me that the entropy per bit was 8.0 and the compressibility was ... supplied entropy value. ... randomness that would give useful, ...
  • Re: new /dev/random
    ... ]>> script prompts you to type a secret string). ... ]> and hard-code it into the kernel. ... ]The kernel and thus this randomness might be accessible to adversaries ... /dev/urandom without making sure that it has sufficient entropy to start ...
  • Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
    ... drain the /dev/random entropy pool on a server (at least one that doesn't ... I'm just thinking about those UML hosting farms, ... entropy pool on the host machine almost immediately... ... how much "real" randomness it was getting and how much synthetic randomness, ...