[erlang-questions] All possible internal states of Erlang/OTP random module are practically computable

Sverker Eriksson sverker.eriksson@REDACTED
Wed Jan 7 16:26:42 CET 2015


On 12/23/2014 03:56 PM, Jesper Louis Andersen wrote:
> 3. ... The 'strong_rand_bytes/1' function can
> return 'low_entropy' which is outright wrong and preposterous on modern
> machines. It never will, if the underlying random primitive is correctly
> implemented. The whole idea of "running out of entropy" is false.
>

'low_entropy' from strong_rand_bytes/1 is a direct mapping to RAND_bytes
returning error, which OpenSSL docs say can happen "... if the PRNG has not
been seeded with enough randomness to ensure an unpredictable byte 
sequence."

And the Linux man page for /dev/random and /dev/urandom says things like:
"When the entropy pool is empty, reads from /dev/random will block
until additional environmental noise is gathered.".

So, it seems to me that "running out of entropy" is at least a valid 
concept.
And doing "cat /dev/random" on my Linux machine sure does block
after a few hundred bytes of output.


/Sverker
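
Added example, not part of the original message or of OTP: one way a caller can treat 'low_entropy' from crypto:strong_rand_bytes/1 as a transient RAND_bytes failure, retrying a bounded number of times and then failing closed instead of falling back to the predictable 'random' module this thread is about. The module name, function names, retry count and backoff are assumptions; only crypto:strong_rand_bytes/1 is a real OTP call.

```erlang
-module(token_gen).
-export([session_token/0, strong_bytes/2]).

%% Hypothetical tuning values, chosen for illustration only.
-define(RETRIES, 5).
-define(BACKOFF_MS, 200).

%% Returns {ok, HexString} for a 128-bit token, or {error, low_entropy}.
%% There is deliberately no fallback to random:uniform/0,1: if OpenSSL
%% cannot vouch for its output, the caller gets an error, not weak bytes.
session_token() ->
    case strong_bytes(16, ?RETRIES) of
        {ok, Bin} -> {ok, hex(Bin)};
        {error, low_entropy} = Err -> Err
    end.

%% Ask OpenSSL (via the crypto NIF) for N bytes, retrying on low_entropy.
strong_bytes(_N, 0) ->
    {error, low_entropy};
strong_bytes(N, Retries) when is_integer(Retries), Retries > 0 ->
    try crypto:strong_rand_bytes(N) of
        Bin -> {ok, Bin}
    catch
        %% low_entropy is raised when RAND_bytes reports an error.
        %% The exception class is left unmatched so that both a thrown
        %% and an error-class low_entropy are handled the same way.
        _:low_entropy ->
            timer:sleep(?BACKOFF_MS),
            strong_bytes(N, Retries - 1)
    end.

%% Lowercase, zero-padded hex encoding of a binary.
hex(Bin) ->
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bin]).
```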
