Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #103481

Re: Make a unique filesystem path, without creating the file

From Marko Rauhamaa <marko@pacujo.net>
Newsgroups comp.lang.python
Subject Re: Make a unique filesystem path, without creating the file
Date 2016-02-25 08:54 +0200
Organization A noiseless patient Spider
Message-ID <87a8mpjn40.fsf@elektro.pacujo.net> (permalink)
References (11 earlier) <56cba8c7$0$1611$c3e8da3$5496439d@news.astraweb.com> <877fhvnch0.fsf@elektro.pacujo.net> <56cd09f9$0$1620$c3e8da3$5496439d@news.astraweb.com> <87a8mqlgkz.fsf@elektro.pacujo.net> <56ce9350$0$1599$c3e8da3$5496439d@news.astraweb.com>

Show all headers | View raw


Steven D'Aprano <steve+comp.lang.python@pearwood.info>:

> On Wednesday 24 February 2016 18:20, Marko Rauhamaa wrote:
>> Steven D'Aprano <steve@pearwood.info>:
>>> And that is where you repeat something which is rank superstition.
>> 
>> Can you find info to back that up. 
>
> The links already provided go through the evidence. For example, they 
> explain that /dev/random and /dev/urandom both use the exact same
> CSPRNG.

A non-issue. The question is, after the initial entropy is collected and
used to seed the CSPRNG, is any further entropy needed for any
cryptographic purposes? Are there any nagging fears that weaknesses
could be found in the deterministic sequence?

/dev/random is supposed to be hardened against such concerns by stirring
the pot constantly (if rather slowly).

Here's what Linus Torvalds said on the matter years back:

   > No, it says /dev/random is primarily useful for generating large
   > (>>160 bit) keys.

   Which is exactly what something like sshd would want to use for
   generating keys for the machine, right? That is _the_ primary reason
   to use /dev/random.

   Yet apparently our /dev/random has been too conservative to be
   actually useful, because (as you point out somewhere else) even sshd
   uses /dev/urandom for the host key generation by default.

   That is really sad. That is the _one_ application that is common and
   that should really have a reason to maybe care about /dev/random vs
   urandom. And that application uses urandom. To me that says that
   /dev/random has turned out to be less than useful in real life.

   Is there anything that actually uses /dev/random at all (except for
   clueless programs that really don't need to)?

   <URL: http://article.gmane.org/gmane.linux.kernel/47437>

> If you don't trust the CSPRNG, then you shouldn't trust it whether it comes 
> from /dev/random or /dev/urandom. If you do trust it, then why would you 
> want it to block? Blocking doesn't make it more random.

It might not make it more secure cryptographically, but the point is
that it should make it more genuinely random.

> That's not how it works. It just makes you vulnerable to a Denial Of
> Service attack.

Understood. You should not use /dev/random for any reactive purposes
(like nonces or session encryption keys).

> There's that myth about urandom being "less random" than random again,
> but even this guy admits that the difference is "extremely hard"
> (actually: impossible) to measure, and that CSPRNG's "work". Which is
> precisely why OpenBSD uses arc4random for their /dev/random and
> /dev/urandom, and presumably why he wants to bring it to Linux.

That's for the cryptographic experts to judge. CSPRNG's aren't always as
CS as one would think:

   In December 2013, a Reuters news article alleged that in 2004, before
   NIST standardized Dual_EC_DRBG, NSA paid RSA Security $10 million in
   a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE
   cryptography library, which resulted in RSA Security becoming the
   most important distributor of the insecure algorithm.

   <URL: https://en.wikipedia.org/wiki/Dual_EC_DRBG>

> The bottom line is, nobody can distinguish the output of urandom and
> random (apart from the blocking behaviour). Nobody has demonstrated
> any way to distinguish the output of either random or urandom from
> "actual randomness". There are theoretical attacks on urandom that
> random might be immune to, but if so, I haven't heard what they are.

What I'm looking for is a cryptography mailing list (or equivalent)
giving their stamp of approval. As can be seen above, NIST ain't it.

It seems, though, that cryptography researchers are not ready to declare
any scheme void of vulnerabilities. At best they can mention that there
are no *known* vulnerabilities.

> What evidence do they give that /dev/urandom is weak? If it is weak,
> why are they using it as the default?

It's a big mess, but not a mess I would disentangle. Once the crypto
libraries, utilities, facilities and the OS come to a consensus, I can
hope they've done their homework. As it stands, the STRONG vs VERY
STRONG dichotomy seems to be alive all over the place.


Marko

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Re: Make a unique filesystem path, without creating the file Ethan Furman <ethan@stoneleaf.us> - 2016-02-22 10:11 -0800
  Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-22 18:17 +0000
    Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 05:25 +1100
      Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-22 18:39 +0000
        Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-22 20:48 +0200
          Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-23 10:37 +1100
            Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-23 00:08 +0000
              Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 11:18 +1100
                Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-23 00:26 +0000
                Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 11:33 +1100
                Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-23 00:44 +0000
                Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 11:56 +1100
        Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 06:04 +1100
          Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-22 11:22 -0800
            Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-23 10:45 +1100
          Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-22 19:22 +0000
            Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-22 21:32 +0200
              Re: Make a unique filesystem path, without creating the file Random832 <random832@fastmail.com> - 2016-02-22 14:41 -0500
                Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-22 22:41 +0200
                Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-22 13:05 -0800
                Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-22 23:22 +0200
                Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-22 15:26 -0800
              Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-23 11:33 +1100
                Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-23 08:54 +0200
                Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-22 23:18 -0800
                Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-23 21:04 +0200
                Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-24 12:40 +1100
                Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-24 09:20 +0200
                Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2016-02-25 16:38 +1100
                Re: Make a unique filesystem path, without creating the file Marko Rauhamaa <marko@pacujo.net> - 2016-02-25 08:54 +0200
                Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2016-02-25 19:21 +1100
                Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-25 10:05 +0000
            Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 06:37 +1100
            Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-23 11:03 +1100
              Re: Make a unique filesystem path, without creating the file Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-02-23 00:11 +0000
              Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-22 18:27 -0800
                Re: Make a unique filesystem path, without creating the file Chris Angelico <rosuav@gmail.com> - 2016-02-23 13:53 +1100
                Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-22 19:26 -0800
                Re: Make a unique filesystem path, without creating the file Mark Lawrence <breamoreboy@yahoo.co.uk> - 2016-02-23 08:09 +0000
                Re: Make a unique filesystem path, without creating the file Paul Rubin <no.email@nospam.invalid> - 2016-02-23 00:22 -0800
                Re: Make a unique filesystem path, without creating the file Peter Otten <__peter__@web.de> - 2016-02-23 09:40 +0100
                Re: Make a unique filesystem path, without creating the file Mark Lawrence <breamoreboy@yahoo.co.uk> - 2016-02-23 09:00 +0000
                Re: Make a unique filesystem path, without creating the file Grant Edwards <invalid@invalid.invalid> - 2016-02-23 15:14 +0000
                Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-25 11:41 +1100
                Re: Make a unique filesystem path, without creating the file Random832 <random832@fastmail.com> - 2016-02-25 10:03 -0500
    Re: Make a unique filesystem path, without creating the file Steven D'Aprano <steve@pearwood.info> - 2016-02-23 11:18 +1100

csiph-web