Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #7220
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!news-out.octanews.net!indigo.octanews.net!auth.brown.octanews.com.POSTED!not-for-mail |
|---|---|
| From | Paul Rubin <no.email@nospam.invalid> |
| Newsgroups | comp.lang.python |
| Subject | Re: How good is security via hashing |
| References | <mailman.2524.1307441917.9059.python-list@python.org> <4d3945c6-6c0b-45e4-9d12-f6f50c09108b@ct4g2000vbb.googlegroups.com> <mailman.2529.1307449692.9059.python-list@python.org> <pan.2011.06.07.21.22.54.0@nowhere.com> <7xy61d59p6.fsf@ruckus.brouhaha.com> <pan.2011.06.08.07.18.27.438000@nowhere.com> |
| Date | Wed, 08 Jun 2011 00:40:33 -0700 |
| Message-ID | <7xd3io3h5a.fsf@ruckus.brouhaha.com> (permalink) |
| Organization | Nightsong/Fort GNOX |
| User-Agent | Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) |
| Cancel-Lock | sha1:gjrxjlS9DkCqZaru/Ap0a8ZpPUE= |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| Lines | 21 |
| NNTP-Posting-Date | 08 Jun 2011 02:40:39 CDT |
| X-Complaints-To | abuse@octanews.net |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:7220 |
Show key headers only | View raw
Nobody <nobody@nowhere.com> writes: >>> If you're going to read from /dev/urandom, limit it to a few bytes per >>> minute, not per request. >> That's really not going to help you. > In what way? > If I need security, I'll use /dev/random or /dev/urandom. If I don't, I'll > save the real entropy for something which needs it. I just mean that if /dev/urandom has enough internal state then within practical bounds, its output is effectively random no matter how much you read from it. Did you look at the paper I linked? "Saving" the "real entropy" isn't feasible since the maximum capacity of the two "real" entropy pools is 4096 bits each. They will both fill pretty quickly on an active system. Reading /dev/urandom will empty the primary pool but /dev/random is fed by the secondary pool, which receives entropy from both the primary pool and physical sources. If you read too fast from /dev/urandom, the worst that happens (if I understand correctly) is that the rate you can read from /dev/random is cut in half and it will block more often. If that's a serious issue for your application, you should probably rethink your approach and get an HSM.
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 11:18 +0100
Re: How good is security via hashing Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-06-07 04:40 -0700
Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 13:27 +0100
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 06:00 -0700
Re: How good is security via hashing Nobody <nobody@nowhere.com> - 2011-06-07 22:23 +0100
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 19:38 -0700
Re: How good is security via hashing Nobody <nobody@nowhere.com> - 2011-06-08 08:18 +0100
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-08 00:40 -0700
csiph-web