Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #7207

Re: How good is security via hashing

From Paul Rubin <no.email@nospam.invalid>
Newsgroups comp.lang.python
Subject Re: How good is security via hashing
References <mailman.2524.1307441917.9059.python-list@python.org> <4d3945c6-6c0b-45e4-9d12-f6f50c09108b@ct4g2000vbb.googlegroups.com> <mailman.2529.1307449692.9059.python-list@python.org> <pan.2011.06.07.21.22.54.0@nowhere.com>
Date 2011-06-07 19:38 -0700
Message-ID <7xy61d59p6.fsf@ruckus.brouhaha.com> (permalink)
Organization Nightsong/Fort GNOX

Show all headers | View raw

Nobody <nobody@nowhere.com> writes:
> The problem with /dev/urandom is that it shares the same entropy pool as
> /dev/random, so you're "stealing" entropy which may be needed for tasks
> which really need it (e.g. generating SSL/TLS keys).

The most thorough analysis of Linux's /dev/*random that I know of is
here:

   http://www.pinkas.net/PAPERS/gpr06.pdf 

It says random and urandom use separate pools, though both fed from the
same primary pool.  The point is that reading from one should not
interfere with the other.

There have been interminable threads on sci.crypt about /dev/random vs
/dev/urandom and the sane conclusion seems to be that if there's enough
entropy in the system, /dev/urandom is not really worse than
/dev/random.  Any type of userspace randomness collection is probably
worse than either.  If you're doing typical low-to-medium security stuff
on traditional PC hardware (i.e. not virtualized, not something like
OpenWRT which has few real entropy sources), /dev/urandom is fine.  If
you don't believe in its cryptographic PRNG, you shouldn't believe in
OpenSSL either.

If you're doing high security stuff (server-side financial apps, etc.)
then /dev/urandom and /dev/random are both considered not good enough,
and your PC is probably leaking keys, so you should be using dedicated
crypto hardware.

> Personally, I'd take whatever "cheap" entropy I can get and hash it.
> If you're going to read from /dev/urandom, limit it to a few bytes per
> minute, not per request.

That's really not going to help you.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 11:18 +0100
  Re: How good is security via hashing Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-06-07 04:40 -0700
    Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 13:27 +0100
      Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 06:00 -0700
      Re: How good is security via hashing Nobody <nobody@nowhere.com> - 2011-06-07 22:23 +0100
        Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 19:38 -0700
          Re: How good is security via hashing Nobody <nobody@nowhere.com> - 2011-06-08 08:18 +0100
            Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-08 00:40 -0700

csiph-web