[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Mark Murray
markm at freebsd.org
Fri Sep 19 05:28:54 PDT 2003
"Devon H. O'Dell" writes:
> If I'm not mistaken, /dev/random is a pseudo-random generator, which
> means it has a certain period before it begins to repeat numbers (along
> with that it just isn't truly random). So, please correct me if I'm
> wrong, but doesn't this mean that when reading from /dev/random, you're
> 'losing' randomness/entropy/whatever you're calling it?
You are very mistaken indeed :-).
In FreeBSD-4-*, /dev/random is an "entropy distiller", albeit not a very
good one as it is not very conservative. On that system, /dev/urandom is
a very complex PRNG, with the added feature of being perturbed by actual
entropy.
In FreeBSD-5-* there is no separate /dev/urandom, and /dev/random is
driven by Yarrow (http://www.counterpane.com/yarrow/). This is a
PRNG+entropy-harvester, and it is _very_ conservative. As long as
_some_ entropy is being harvested, it is unlikely that either generator
will produce a repeating sequence _ever_.
M
--
Mark Murray
iumop ap!sdn w,I idlaH