[Cryptography-dev] OpenSSL Random Engine PR
Jean-Paul Calderone
jean-paul at hybridcluster.com
Mon Jan 20 23:11:49 CET 2014
On 01/20/2014 03:51 PM, Paul Kehrer wrote:
> On Monday, January 20, 2014 at 1:26 PM, Jean-Paul Calderone wrote:
>> Since the idea is to use urandom, this won't cause a problem as
>> obvious as blocking the SSL server waiting for more entropy. It will
>> exhaust what the system (at least on Linux, I don't know much about
>> urandom on other platforms) considers the actual amount of available
>> entropy. This may mean that any other process that really wants
>> /dev/random may be unable to operate.
>>
Sorry, I think I was unclear here. I don't care about the blocking vs
non-blocking nature of urandom and random. I used "/dev/random" to
represent the idea of a higher-quality random source (as compared to
/dev/urandom).

I care about the idea that reading a lot of entropy from either device
(again, it doesn't matter which) results in "draining the entropy
pool". It sounds like some responders think that "draining the entropy
pool" isn't a real thing that can happen and should be ignored. Fine,
that's a coherent response. It's somewhat in contrast with (well,
directly contradicts) the /dev/urandom man page for Linux but I can
accept that the people who wrote that may have been mistaken. :) If
that's really what people are saying here?

Also, this makes me curious - which device did the people on this list
use to generate their private GPG/SSH/SSL/etc keys? /dev/random or
/dev/urandom?

Jean-Paul