Thread: Fw: Random strings

Fw: Random strings

From: "Joe Conway"
Date:
Below is the last message I sent (to patches) regarding the random string
function for contrib. Is there any interest in this? I don't mind changing
it per Peter's comments, but I don't want to bother if no one sees any value
in it. Comments?

-- Joe

----- Original Message -----
From: "Joe Conway" <joseph.conway@home.com>
To: "Peter Eisentraut" <peter_e@gmx.net>
Cc: "Dr. Evil" <drevil@sidereal.kz>; <pgsql-patches@postgresql.org>
Sent: Thursday, August 09, 2001 10:13 AM
Subject: Re: [PATCHES] Random strings


> > > seconds). The same test with /dev/urandom returns instantly. Perhaps there
> > > should be an option to use either. For instances where only a few truly
> > > random bytes are needed (i.e. one session key), use /dev/random. When you
> > > need many random bytes quickly, use /dev/urandom?
> >
> > Not sure if this is intuitive.  How many bytes is "a few"?  Maybe just be
> > honest about it and name them randomstr and urandomstr or such.
> >
>
> In the patch that I sent last night, I explicitly limited /dev/random to 64
> bytes. I agree that this is not very intuitive, but for specific purposes,
> such as generating a session key for tripledes (24 byte/192 bit random
> string yielding 168 bits for the key) periodically, it is quite useful.
> There's a tradeoff here between cryptographic strength (favoring
> /dev/random) and application performance (favoring /dev/urandom) that will
> vary significantly from application to application. It's nice to have the
> option depending on your needs.
>
> Having said that, I'm not married to the idea that we should provide access
> to both /dev/random and /dev/urandom. I'd be happy to roll another patch,
> limited to just urandom, and renaming the function if you feel strongly
> about it. (should we move this discussion back to hackers to get a wider
> audience?)
>
> -- Joe
>
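An added example, not Joe's contrib patch (which is not reproduced on this page): a C helper in the shape the thread describes, reading bytes from either device, refusing /dev/random requests above the 64-byte limit the patch mentions so a caller cannot block indefinitely, leaving /dev/urandom uncapped, and handling short reads and EINTR, which a single read() call does not. The device paths come from the thread; the function names and the constant name are my own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Cap on one /dev/random request, mirroring the 64-byte limit in the patch.
 * /dev/urandom is not capped because it never blocks once seeded. */
#define DEV_RANDOM_MAX_BYTES 64

/* Fill buf with n bytes from dev ("/dev/random" or "/dev/urandom").
 * Returns n on success, -1 if the request is refused or the read fails.
 * Loops over short reads and retries on EINTR. */
static ssize_t
fill_random_bytes(const char *dev, unsigned char *buf, size_t n)
{
    int fd;
    size_t got = 0;

    if (strcmp(dev, "/dev/random") == 0 && n > DEV_RANDOM_MAX_BYTES)
        return -1;              /* would risk blocking for a long time */
    fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;              /* device missing or not readable */
    while (got < n)
    {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (r <= 0)
        {
            close(fd);
            return -1;          /* read error or unexpected EOF */
        }
        got += (size_t) r;
    }
    close(fd);
    return (ssize_t) got;
}

/* Hex-encode n random bytes from dev into out (caller supplies 2*n+1 bytes).
 * Returns the string length 2*n, or -1 on failure. */
static int
random_hex_string(const char *dev, size_t n, char *out)
{
    unsigned char raw[256];
    size_t i;

    if (n > sizeof raw || fill_random_bytes(dev, raw, n) != (ssize_t) n)
        return -1;
    for (i = 0; i < n; i++)
        sprintf(out + 2 * i, "%02x", raw[i]);
    return (int) (2 * n);
}
```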
Re: Fw: Random strings

From: Doug McNaught
Date:
"Joe Conway" <joseph.conway@home.com> writes:

> > Having said that, I'm not married to the idea that we should provide access
> > to both /dev/random and /dev/urandom. I'd be happy to roll another patch,
> > limited to just urandom, and renaming the function if you feel strongly
> > about it. (should we move this discussion back to hackers to get a wider
> > audience?)

There was a long discussion on linux-kernel recently about the
difference between 'random' and 'urandom'.  The upshot seemed to be
that 'urandom' is Good Enough in 99% of the cases, since (as long as
the generator is seeded well at startup) attackers would have to break 
SHA1 in order to predict the output from it.  If someone has the
resources to do that you're basically screwed anyhow...

-Doug
-- 
Free Dmitry Sklyarov! 
http://www.freesklyarov.org/ 

We will return to our regularly scheduled signature shortly.