views:

196

answers:

3

In Linux, just how random is /dev/urandom/? Is it considered safe?

Also is it possible to get a stream of 1's?

+4  A: 

Please check the man page:

Yarrow is a fairly resilient algorithm, and is believed to be resistant
     to non-root.  The quality of its output is however dependent on regular
     addition of appropriate entropy. If the SecurityServer system daemon
     fails for any reason, output quality will suffer over time without any
     explicit indication from the random device itself.

     Paranoid programmers can counteract this risk somewhat by collecting
     entropy of their choice (e.g. from keystroke or mouse timings) and seed-
     ing it into random directly before obtaining important random numbers.
ennuikiller
But lets say you are pulling from random or urandom. and the system is just sitting there on lets say a live cd. Wouldn't the entropy be similar every time the same scenario occurred,.
Recursion
That's a link to a BSD man page, and in this case the Linux behavior is different: /dev/random is "stronger" than /dev/urandom.
Eric Seppanen
+3  A: 

If you're generating cryptographic keys on Linux, you want /dev/random, even if it blocks-- you don't need that many bits.

For just about anything else, like generating random test data or unpredictable session IDs, /dev/urandom is fine. There are enough sources of entropy in most systems (timing of keyboard and mouse events, network packets, etc) that the output will be unpredictable.

Eric Seppanen
+1, though its often easier and faster to gather your own entropy rather than waiting on a blocking /dev/random. I fill large files in this manner for 'bottled' entropy when working on monte carlo simulations, its much faster to bang the keys and move the mouse than it is to wait on /dev/random
Tim Post
I'm confused: how is this better than using /dev/urandom?
Eric Seppanen
Last time I looked /dev/urandom on linux returned the same output as /dev/random *as long as there is entropy in the pool* because they both use the pool. The difference is that urandom will fall back on a plain rehashing algorithm when there is no stored entropy, while random will wait until new entropy has been added.
dmckee
A: 

is it possible to get a constant stream of 1's.

Recursion
A stream of n 1's is as valid a result as any other unique string of n bits, so if it were impossible for your random number generator to get a stream of n 1's, then it wouldn't be a very good random number generator. (Your follow-up question would be better expressed as an edit to your original question.)
Josh Kelley