Re: Randomness using computers

On 10/01/2011 10:19, Kristian Gjøsteen wrote:

You build an application that relies on a source of bits, and you
prove that the application is secure (for some value of secure)
provided the source of bits provides random bits.

Now, I claim that you can replace that source of bits with a
properly designed /dev/urandom, and your application will remain

Is the implementation of /dev/urandom in (say) Debian Linux "properly

Does it remain "properly designed" in the event that the system it's
running on has an empty "entropy" pool (i.e. /dev/random has dried up)?

Is it still "properly designed" if it is running off a Live CD, so that
the initial pool is identical each time the machine starts?

Why? By the assumption of proper design, the output bits of
/dev/urandom should be indistinguishable from random bits. If your
application becomes insecure when the random source is replaced by
/dev/urandom, then that application plus the attack on that
application is essentially a distinguisher for /dev/urandom, which
should not exist by the initial assumption. It follows that your
application should not become insecure by replacing the random source
with /dev/urandom.

Thanks, that's very clear; I can follow that reasoning.


Relevant Pages

  • Waiting for a subprocess to exit
    ... I'm looking to replace some usages of ‘os.system’ with the more secure ... The module documentation has a section on replacing ‘os.system’ ...
  • Carol Ann: Calabasas area princess
    ... All the women in my home now and my home back then pay the bills just ... "insecure" men: can't live without them and need 'em to survive. ... You said that democratic men were secure. ... Er, Baldwin is a DEMOCRAT. ...
  • Re: Buying vs Selling
    ... So, you're not a *secure* man, eh Mark? ... YOU had to buy a wife ... insecure to "buy" a wife from a foreign land versus local? ... that's an "insecure" person. ...
  • Re: Ultra-secure to open net connect without data leak
    ... >How can one connect an ultra-secure data network area to an insecure network ... >without ANY chance of data leaking from secure to insecure. ... the handshake lines can carry ...
  • Re: Inviting malware
    ... long enough to make sure patches are up to date. ... So then the complete documentation on IE/OE group policies and their effective security design criteria are imagination? ... My point was that ms products are not secure. ... I know only exactly two supported Microsoft product which are considered as insecure, but are not documented to be insecure in untrusted environments: Windows 2000 and IIS. ...