Cryptographically strong random - /dev/urandom ?
Wed Apr 20 12:33:36 CEST 2005
Roger Larsson <roger.larsson@REDACTED> writes:
> On Monday 18 April 2005 18.57, klacke@REDACTED wrote:
> > On Mon, Apr 18, 2005 at 12:58:50PM +0300, joel reymont wrote:
> > > Folks,
> > >
> > > I understand that SSL in Erlang is based on OpenSSL. That library also
> > > comes with a cryptographically strong random implementation but that
> > > bit is not included in Erlang SSL.
> > >
> > > Is there a cryptographically strong implementation for Erlang?
> > We do:
> > random_ascii_str(Length) ->
> > random_ascii_str(Length, os:cmd("dd if=/dev/urandom count=1"), , 0).
> from "man urandom"
> When read, /dev/urandom device will return as many bytes as are
> requested. As a result, if there is not sufficient entropy in the
> entropy pool, the returned values are theoretically vulnerable to a
> cryptographic attack on the algorithms used by the driver. Knowledge
> of how to do this is not available in the current non-classified liter‐
> ature, but it is theoretically possible that such an attack may exist.
> If this is a concern in your application, use /dev/random instead.
The boring thing with /dev/random is that it can block until you
wiggle the mouse :-)
-Luke (not somebody to take any cryptography advice from)
More information about the erlang-questions