11. True Randomness
● counters that detect radioactive decay
● the timing of actual movements of a hard disk
read/write head
● webcam/audio static noise
12. /dev/random
● od -A n -N 2 -t u2 /dev/random
● od -A n -N 2 -t u2 /dev/urandom
13. man urandom
A read from the /dev/urandom device will not block
waiting for more entropy. As a result, if there is not
sufficient entropy in the entropy pool, the returned
values are theoretically vulnerable to a cryptographic
attack on the algorithms used by the driver.
Knowledge of how to do this is not available in the
current unclassified literature, but it is theoretically
possible that such an attack may exist. If this is a
concern in your application, use /dev/random instead.
14. Random vs URandom
● URandom is a pseudo random number
generator
● Random is a true random number generator
17. What about entropy running low?
● It doesn't matter.
● The underlying cryptographic building blocks
are designed such that an attacker cannot
predict the outcome, as long as there was
enough randomness (256 bits).
18. Why is Re-seeding so important?
● If you've got more randomness just lying
around, by all means use it!
19. man urandom
If you are unsure about whether you should
use /dev/random or /dev/urandom, then
probably you want to use the latter. As a
general rule, /dev/urandom should be used for
everything except long-lived GPG/SSL/SSH
keys.
20. Not everything is perfect
● On Linux, unlike FreeBSD, /dev/urandom
never blocks.
● Linux's /dev/urandom happily gives you
not-so-random numbers before the kernel even
had the chance to gather entropy.
● FreeBSD doesn't have the distinction between
/dev/random and /dev/urandom, both are the
same device.
21. Not everything is perfect
● Linux distributions save some random numbers when booting
up the system (but after they have gathered some entropy,
since the startup script doesn't run immediately after
switching on the machine) into a seed file that is read next
time the machine is booting.
● Linux has implemented a new syscall, originally introduced by
OpenBSD as getentropy(2): getrandom(2). This syscall does
the right thing: blocking until it has gathered enough initial
entropy, and never blocking after that point.
22. When is low entropy a problem?
● It used to be a problem for devices with no
interface for human interaction when the
entropy collector relied solely on than
● Today, virtual machines can have this issue if
they are being cloned or restored to a
checkpoint.