23 Jul 2013, 10:49 a.m.
Why not use /dev/random, instead of "ensuring you have entropy"?
/dev/random limits the output size to the estimated entropy. So it has abysmal performance unless there are high performance entropy sources available. After the initial seeding this gains very little security in practice. /dev/urandom unblocks before it has sufficient entropy on some systems. So it's not guaranteed to be secure and sometimes fails in practice. What you normally want is a source that blocks after boot until it has accumulated enough initial entropy (say 256 bits), and then never blocks again. It's not like a good PRNG gets weaker as more data is read from it when your adversaries are computationally bounded.
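The design the reply describes, block once after boot until a 256-bit seed is available and then never block again, is what the Linux getrandom() system call provides, and it is the usual way to build a userspace generator on top of it. The following is an added example written for this page, not code from either commenter: it reads a 256-bit seed with os.getrandom (blocking only until the kernel pool is initialised), shows a non-blocking readiness probe via GRND_NONBLOCK, and expands the seed with a simplified HMAC_DRBG in the SP 800-90A shape (SHA-256, no reseed or personalisation string). The names read_seed, pool_initialised, HmacDrbg and make_generator are my own, the fallback to os.urandom on platforms without getrandom is an assumption, and the DRBG is stripped down for illustration rather than checked against published test vectors.

```python
import hashlib
import hmac
import os

SEED_BYTES = 32  # 256 bits of initial entropy, the figure the reply suggests


def read_seed(nbytes: int = SEED_BYTES) -> bytes:
    """Read fresh seed bytes from the operating system.

    On Linux, os.getrandom() with flags=0 blocks only until the kernel pool has
    been initialised once after boot and never blocks afterwards.
    Assumption: on platforms without getrandom we fall back to os.urandom(),
    which does not give the "block once after boot" guarantee.
    """
    if hasattr(os, "getrandom"):
        return os.getrandom(nbytes, 0)
    return os.urandom(nbytes)


def pool_initialised() -> bool:
    """Probe, without blocking, whether the kernel pool is seeded yet.

    GRND_NONBLOCK makes getrandom() raise BlockingIOError (EAGAIN) instead of
    waiting, so a service can report "not ready" rather than hang at startup.
    """
    if not hasattr(os, "getrandom"):
        return True  # assumption: treat platforms without getrandom as ready
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


class HmacDrbg:
    """Simplified HMAC_DRBG (SP 800-90A structure, SHA-256, no reseed).

    Seeded once; every generate() call refreshes the (key, value) state so
    earlier outputs cannot be recovered from a later state compromise.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = b"\x00" * 32
        self.value = b"\x01" * 32
        self._update(seed)

    @staticmethod
    def _prf(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG Update: mix provided data (if any) into key and value.
        self.key = self._prf(self.key, self.value + b"\x00" + provided)
        self.value = self._prf(self.key, self.value)
        if provided:
            self.key = self._prf(self.key, self.value + b"\x01" + provided)
            self.value = self._prf(self.key, self.value)

    def generate(self, nbytes: int) -> bytes:
        # Output is a chain of HMAC evaluations of the running value.
        out = b""
        while len(out) < nbytes:
            self.value = self._prf(self.key, self.value)
            out += self.value
        self._update(b"")  # advance state after each request
        return out[:nbytes]


def make_generator() -> HmacDrbg:
    """Block once for 256 bits of OS entropy, then expand without blocking again."""
    return HmacDrbg(read_seed())


if __name__ == "__main__":
    print("kernel pool ready:", pool_initialised())
    gen = make_generator()
    print("first 16 output bytes:", gen.generate(16).hex())
```

The important property, matching the reply's point about computationally bounded adversaries, is that once the 256-bit seed is in place the output length is limited only by the PRF's security, not by any running entropy estimate, so nothing in make_generator() ever blocks after the one initial read.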