Re: Big Prime number problem.

From: Jean-Luc Cooke (
Date: 08/12/05

Date: 12 Aug 2005 13:03:17 GMT

Harlan Lieberman-Berg <> wrote:
> In my last post I advised against the using of /dev/urandom and favored
> /dev/random because it was /more/ secure. Isn't it true that using a
> finite order context modeler is /more/ secure than using a simple random
> number generator as /dev/urandom does when it runs out of random data from
> /dev/random? IBM believes so.

> "Output generated without random input is theoretically less secure than
> output generated from random input, so /dev/random should be used for
> applications for which a high level of confidence in the security of the
> output is required."
First of all, this is for AIX, not Linux. I'll claim ignorance in that
I don't know how similar AIX's /dev/{u}random is to Linux's.

If it's identical, I still wouldn't worry. If you're concerned that
/dev/urandom's PRNG isn't secure enough to stretch 8kbits of seed into
enough kbits of material, then I suggest replacing it with Fortuna.

I welcome bug reports.

Fortuna uses AES in CTR mode for PRNG output. Seed collecting and
state update is done using 32 pools of SHA-256 hashes. The N-th pool is
used every 2^N reseeds. The AES in CTR mode is re-keyed at most every
0.1 sec and/or 10MB, whichever comes first. If you can find the AES key
from the output of CTR mode, then you should be writing a paper or
breaking into banks.
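As an added illustration (not code from this post or from Jean-Luc's Fortuna patch), here is the pool schedule and rekey policy the message describes, in Python: 32 SHA-256 pools, pool N folded in on every 2^N-th reseed, and a generator that rekeys itself after 10MB or 0.1 s. SHA-256 in counter mode stands in for AES-CTR so it runs on the standard library alone, and the event encoding and source ids are assumptions, not Fortuna's.

```python
import hashlib
import struct
import time

NUM_POOLS = 32                  # "32 pools of SHA-256" per the post
REKEY_BYTES = 10 * 1000 * 1000  # rekey at most every 10MB ...
REKEY_SECS = 0.1                # ... or 0.1 sec, whichever comes first

def pools_for_reseed(r):
    """Fortuna's schedule: pool N feeds reseed number r iff 2^N divides r."""
    return [n for n in range(NUM_POOLS) if r % (1 << n) == 0]

class Fortuna:
    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.reseed_count = 0
        self.key = b"\x00" * 32   # unusable until the first reseed
        self.counter = 0
        self._mark_rekey()

    def add_entropy(self, source_id, pool_idx, data):
        # Assumed event encoding: source byte, length byte, payload (length-prefixed
        # so two short events cannot be mistaken for one longer one).
        self.pools[pool_idx % NUM_POOLS].update(bytes([source_id & 0xFF, len(data) & 0xFF]) + data)

    def reseed(self):
        self.reseed_count += 1
        h = hashlib.sha256(self.key)
        for n in pools_for_reseed(self.reseed_count):
            h.update(self.pools[n].digest())   # fold the pool in ...
            self.pools[n] = hashlib.sha256()   # ... and empty it
        self.key = h.digest()
        self._mark_rekey()

    def _mark_rekey(self):
        self.bytes_since_rekey = 0
        self.last_rekey = time.monotonic()

    def _block(self):
        # Stand-in for one AES-CTR block: SHA-256(key || counter). Not AES (assumption).
        self.counter += 1
        return hashlib.sha256(self.key + struct.pack("<Q", self.counter)).digest()

    def random_bytes(self, n):
        if self.reseed_count == 0:
            raise RuntimeError("generator has never been reseeded")
        out = b"".join(self._block() for _ in range((n + 31) // 32))[:n]
        self.bytes_since_rekey += n
        if self.bytes_since_rekey >= REKEY_BYTES or time.monotonic() - self.last_rekey >= REKEY_SECS:
            self.key = self._block()   # new key from generator output; prior output stays unrecoverable
            self._mark_rekey()
        return out
```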