[16636] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

FreeBSD's urandom versus random

daemon@ATHENA.MIT.EDU (Ian G)
Wed Jan 5 17:41:43 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 05 Jan 2005 16:57:45 +0000
From: Ian G <iang@systemics.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <01c801c4f2c0$763146c0$0200a8c0@em.noip.com>

While we're on the subject of /dev/[u]random, has anyone
looked at the new FreeBSD 5.3 version?  I recently installed
5.3, and much to my surprise they have got rid of the random
component, and are now only using the urandom part (they
have a symlink in place).

localhost$ ls -l /dev/*random
crw-rw-rw-  1 root  wheel  249,   0 Dec 26 11:41 /dev/random
lrwxr-xr-x  1 root  wheel         6 Dec 26 11:41 /dev/urandom -> random

localhost$ time dd if=/dev/random bs=1k count=100000 of=/dev/null
100000+0 records in
100000+0 records out
102400000 bytes transferred in 7.526354 secs (13605525 bytes/sec)

real    0m7.532s
user    0m0.125s
sys     0m6.979s

(Also, there is a startup script that asks for initial type-in
entropy on install - mine broke and didn't clearly indicate
its state...).

Personally, I quite liked the random v. urandom separation.
It gave you choice.  Now, I feel tempted to go back to doing
the entropy in my own code and not relying on FreeBSD,
because I lack a feel-good factor represented by the block
that occurs when entropy runs out.

But, these are ignorant, external speculations...


Enzo Michelangeli wrote:

>This "entropy depletion" issue keeps coming up every now and then, but I
>still don't understand how it is supposed to happen. If the PRNG uses a
>really non-invertible algorithm (or one invertible only with intractable
>complexity), its output gives no insight whatsoever on its internal state.
>As entropy is a measure of the information we don't have about the
>internal state of a system, it seems to me that in a good PRNGD its value
>cannot be reduced just by extracting output bits. If there is an entropy
>estimator based on the number of bits extracted, that estimator must be

News and views on what matters in finance+crypto:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post