Speed and security of /dev/urandom

Paul Hoffman paul.hoffman at vpnc.org
Fri Jul 18 18:28:22 UTC 2014


On Jul 18, 2014, at 11:19 AM, Leif Pedersen <bilbo at hobbiton.org> wrote:

> The extra readers interrupt the position of the stream, so that it is harder to predict the next value. This only works if one instance of the PRNG is shared by multiple readers, rather than each reader operating in isolation.

If there was a non-zero chance that an attacker could predict the next value, your PRNG was already broken. Two of the fundamental properties of a working PRNG are that if an attacker sees any number of outputs from the PRNG, the attacker cannot compute any previous values and the attacker cannot predict any future values.

--Paul Hoffman
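As an added illustration of the two properties named above (example code, not from the thread): a toy linear congruential generator with constructed parameters fails both, since each output is the whole state, and interleaved reads by other consumers only cost an observer a small search for the number of skipped steps. A CSPRNG such as the kernel's /dev/urandom is designed so that no such recovery exists.

```python
from typing import Optional

# Toy linear congruential generator with constructed, public parameters.
# Deliberately NOT a cryptographic PRNG: its internal state IS its last output.
M = 2**31 - 1   # prime modulus, so A has a modular inverse (needed to step backwards)
A = 48271       # multiplier
C = 12345       # increment


class ToyLCG:
    def __init__(self, seed: int):
        self.state = seed % M

    def next(self) -> int:
        self.state = (A * self.state + C) % M
        return self.state


def predict_next(observed: int) -> int:
    """Forward-prediction failure: one observed output determines the next one."""
    return (A * observed + C) % M


def recover_previous(observed: int) -> int:
    """Backtracking failure: the step is invertible, so earlier outputs are computable."""
    a_inv = pow(A, -1, M)
    return ((observed - C) * a_inv) % M


def skipped_steps(observed: int, later: int, max_skip: int) -> Optional[int]:
    """How many values other readers consumed between two observed outputs.

    This is the 'extra readers' argument from the thread: interleaving only
    hides a small step count, which is recovered by stepping forward until the
    later output reappears. Returns None if it is not found within max_skip.
    """
    s = observed
    for k in range(max_skip + 1):
        s = predict_next(s)
        if s == later:
            return k
    return None


if __name__ == "__main__":
    g = ToyLCG(2014)
    a = g.next()
    for _ in range(3):      # three other readers draw values in between
        g.next()
    b = g.next()
    print("values consumed by other readers:", skipped_steps(a, b, 100))   # 3
    print("previous output recovered from b:", recover_previous(b) == predict_next(predict_next(predict_next(a))))
```

For a generator with these properties, the only remedy is replacing it, not adding readers; with `os.urandom`, no analogue of `predict_next` or `recover_previous` is known.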
