Cryptographically strong random - /dev/urandom ?
Roger Larsson
roger.larsson@REDACTED
Wed Apr 20 01:13:41 CEST 2005
On Monday 18 April 2005 18.57, klacke@REDACTED wrote:
> On Mon, Apr 18, 2005 at 12:58:50PM +0300, joel reymont wrote:
> > Folks,
> >
> > I understand that SSL in Erlang is based on OpenSSL. That library also
> > comes with a cryptographically strong random implementation but that
> > bit is not included in Erlang SSL.
> >
> > Is there a cryptographically strong implementation for Erlang?
>
> We do:
>
>
> random_ascii_str(Length) ->
> random_ascii_str(Length, os:cmd("dd if=/dev/urandom count=1"), [], 0).
from "man urandom"
When read, /dev/urandom device will return as many bytes as are
requested. As a result, if there is not sufficient entropy in the
entropy pool, the returned values are theoretically vulnerable to a
cryptographic attack on the algorithms used by the driver. Knowledge
of how to do this is not available in the current non-classified liter‐
ature, but it is theoretically possible that such an attack may exist.
If this is a concern in your application, use /dev/random instead.
/RogerL
More information about the erlang-questions
mailing list