Message 5987 - Python tracker

Author	nobody
Recipients
Date	2002-10-10.08:39:51
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: NO Using /dev/random for a user level application is inappropriate. Use /dev/urandom instead. /dev/random actually tries to suck entropy out of the entropy pool, and blocks if there's not enough. It's best to make sure there's sufficient initial entropy in the pool, then use /dev/urandom which uses the existing entropy to seed a CPRNG. Assuming the CPRNG is properly designed, /dev/urandom should be fine for OpenSSL, since if someone magically breaks the cryptography in the CPRNG then they can probably break OpenSSL's cryptography the same way. --phr

Logged In: NO 

Using /dev/random for a user level application is
inappropriate.  Use /dev/urandom instead.
/dev/random actually tries to suck entropy out of the
entropy pool, and blocks if there's
not enough.  It's best to make sure there's sufficient
initial entropy in the pool, then use
/dev/urandom which uses the existing entropy to seed a
CPRNG.  Assuming the CPRNG
is properly designed, /dev/urandom should be fine for
OpenSSL, since if someone magically
breaks the cryptography in the CPRNG then they can probably
break OpenSSL's cryptography
the same way.  --phr

History
Date	User	Action	Args
2007-08-23 13:55:47	admin	link	issue451607 messages
2007-08-23 13:55:47	admin	create