Speed and security of /dev/urandom
Benjamin Kaduk
kaduk at MIT.EDU
Fri Jul 18 20:42:18 UTC 2014
On Fri, 18 Jul 2014, Andrey Chernov wrote:
> On 18.07.2014 3:41, Steven Chamberlain wrote:
>> Is there a good reason arc4random_buf() can't take bytes directly from
>> /dev/urandom or sysctl KERN_ARND? Therefore no longer needing to seed
>> first, periodically reseed, or use any stream cipher?
>
> One of the reason I hear is that true random entropy bits can be quickly
> exhausted if every userland program will drain them so much.
Once the DRBG is seeded with a sufficient amount of truly random bits
("entropy"), its output remains unpredictable essentially indefinitely.
There is no "loss" or "draining" of entropy from the system over time
unless the algorithm is lousy.
-Ben
More information about the freebsd-security
mailing list