/dev/random on Linux ...

Jim Cheetham jim at gonzul.net
Sat Dec 20 09:51:46 GMT 2014

A couple of days ago I received this message from Thomas Hühn <t at 2uo.de> :-

> Hi Jim,
> On http://onerng.info/random.html you claim that "This interface internally does exactly the same as /dev/random, except that when the entropy pool is close to exhaustion it will instead start to deliver data from a software device, a PRNG that has been seeded from 'good' random data.".
> That's wrong. The _only_ difference between /dev/random and /dev/urandom on Linux is that the latter doesn't care about the amount of estimated entropy in the pool(s).
> The output of /dev/random is hashed and processed in exactly the same way as the output of /dev/urandom, there is no PRNG exclusive to the latter.
> You can find more details in http://www.2uo.de/myths-about-urandom/#structure

I've done a fair bit of reading based on that link of his, and of
course it opens up some more questions. I certainly used to assume
that /dev/random's source of data was different to /dev/urandom's, and
a quick read through random.c does indeed back up Thomas' description
that they are indeed the same.

However, given that, I don't yet understand how re-seeding is affected
by the entropy collector processes, I'm a little confused about
initial seeding and how that relates to key generation, and I'm really
stuck as to what the entropy estimate counter is trying to achieve.

None of this directly affects OneRNG and its goals; it does mean that
the default benefit to a Linux system needs more consideration, and I
have to tighten up some of the text I've written on the website & put
into presentations.

I'd appreciate some other people having a look at this article and
giving me their comments :-)
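
An added illustration, not part of the original message and not kernel code: a toy model of the claim in the quoted reply, where both interfaces share one extraction routine and differ only in whether the entropy estimate gates the read. ToyPool, its method names, the SHA-256 construction and the seed bytes are all assumptions made for this sketch; it does not reproduce random.c.

```python
import hashlib


class ToyPool:
    """Toy model only: one pool, one extraction routine, one entropy estimate."""

    def __init__(self):
        self.state = b"\x00" * 32
        self.entropy_bits = 0  # an estimate kept by accounting, not a measurement

    def mix(self, data: bytes, credited_bits: int) -> None:
        # Collectors stir input into the pool and credit the estimate.
        self.state = hashlib.sha256(self.state + data).digest()
        self.entropy_bits += credited_bits

    def _extract(self, n: int) -> bytes:
        # Shared output path: hash the state for output, then step the state.
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state).digest()
            self.state = hashlib.sha256(b"next" + self.state).digest()
        return out[:n]

    def read_urandom(self, n: int) -> bytes:
        # Never consults the estimate before returning data.
        # Debiting it here (floored at zero) is a choice of this model.
        self.entropy_bits = max(self.entropy_bits - 8 * n, 0)
        return self._extract(n)

    def read_random(self, n: int) -> bytes:
        # Same extraction, but gated on the estimate: short read or block.
        n = min(n, self.entropy_bits // 8)
        if n == 0:
            raise BlockingIOError("would block: entropy estimate exhausted")
        self.entropy_bits -= 8 * n
        return self._extract(n)


def demo():
    a, b = ToyPool(), ToyPool()
    for pool in (a, b):
        pool.mix(b"constructed seed material", 128)  # constructed sample input
    same = a.read_random(16) == b.read_urandom(16)   # identical output path
    try:
        a.read_random(1)
        blocked = False
    except BlockingIOError:
        blocked = True                               # estimate is now zero
    return same, blocked, len(b.read_urandom(16))    # urandom keeps delivering
```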
