[Cryptography-dev] OpenSSL Random Engine PR
Laurens Van Houtven
_ at lvh.io
Tue Jan 21 00:06:54 CET 2014
On Mon, Jan 20, 2014 at 11:11 PM, Jean-Paul Calderone <jean-paul at hybridcluster.com> wrote:
> I care about the idea that reading a lot of entropy from either device
> (again, it doesn't matter which) results in "draining the entropy pool".
> It sounds like some responders think that "draining the entropy pool" isn't
> a real thing that can happen and should be ignored. Fine, that's a
> coherent response. It's somewhat in contrast with (well, directly
> contradicts) the /dev/urandom man page for Linux but I can accept that the
> people who wrote that may have been mistaken. :) If that's really what
> people are saying here?
>
Draining the entropy pool can happen, but not as a direct consequence of
using urandom as suggested here. It's particularly likely to happen in
pathological edge cases such as new VMs with no access to a hardware RNG or
embedded devices, less likely in the production server scenario outlined
earlier in this thread. It can happen, but using a userspace RNG doesn't
really immunize you from that problem.
> Also, this makes me curious - which device did the people on this list use
> to generate their private GPG/SSH/SSL/etc keys? /dev/random or
> /dev/urandom?
>
On OS X or FreeBSD, so those are the same device for me.
There's one more argument for the userspace CSPRNG that I forgot, but it is
again unconvincing: you can limit the number of reads you do, and hence
syscalls you make. I find it unconvincing because it's a performance
argument, and AFAICT no-one is actually having urandom reads be a
significant factor anywhere :)
hth
lvh
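The "fewer reads, hence fewer syscalls" argument lvh mentions above is easy to make concrete. The following is an added example written for this page; it is not code from the thread, from OpenSSL, or from the cryptography project. It puts a small userspace buffer in front of os.urandom() so that many short requests are served by one larger read, and it counts the underlying reads so the difference is measurable. The chunk size, the injectable `source` parameter, and the pid check (a buffer carried across fork() would hand the same bytes to parent and child, which is the classic hazard of any userspace buffer and the reason this pattern needs care) are all my own choices and assumptions, not something the thread specifies.

```python
import os
from typing import Callable, Tuple


class BufferedUrandom:
    """Userspace buffer in front of os.urandom().

    Illustrates the syscall-count argument: one read of `chunk` bytes
    serves many small requests. `source` is injectable so the
    underlying reads can be counted (or made deterministic) in a test.
    Assumptions of this example, not of the thread: the 4096-byte
    default chunk and the pid-based fork check.
    """

    def __init__(self, chunk: int = 4096,
                 source: Callable[[int], bytes] = os.urandom) -> None:
        self._chunk = chunk
        self._source = source
        self._buf = b""
        self._pid = os.getpid()
        self.source_reads = 0  # number of calls made to `source`

    def _refill(self) -> None:
        self._buf = self._source(self._chunk)
        self.source_reads += 1

    def read(self, n: int) -> bytes:
        # A buffer inherited across fork() would give parent and child
        # identical bytes; discard it whenever the pid has changed.
        if os.getpid() != self._pid:
            self._pid = os.getpid()
            self._buf = b""
        out = bytearray()
        while len(out) < n:
            if not self._buf:
                self._refill()
            take = min(n - len(out), len(self._buf))
            out += self._buf[:take]
            self._buf = self._buf[take:]
        return bytes(out)


def count_reads(n_tokens: int, token_len: int, chunk: int) -> Tuple[int, int]:
    """Return (direct_reads, buffered_reads) needed to produce
    n_tokens tokens of token_len bytes each, first by calling
    os.urandom() per token, then through a BufferedUrandom."""
    direct = 0

    def counting_source(k: int) -> bytes:
        nonlocal direct
        direct += 1
        return os.urandom(k)

    for _ in range(n_tokens):
        counting_source(token_len)

    rng = BufferedUrandom(chunk=chunk)
    for _ in range(n_tokens):
        rng.read(token_len)
    return direct, rng.source_reads


if __name__ == "__main__":
    # 1000 16-byte tokens: 1000 direct reads versus ceil(16000/4096) = 4.
    print(count_reads(1000, 16, 4096))
```

The buffered path makes ceil(total_bytes / chunk) reads instead of one per request, which is the whole of the performance argument; as the message above says, that only matters if urandom reads are actually a measurable cost, and the price of the optimisation is that you now own the fork and reseeding problems the kernel would otherwise handle for you.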