Linux – Does ‘urandom’ Share the Same Entropy as ‘random’?

kernellinuxrandom number generator

Does the entropy pool /dev/random used the same to /dev/urandom?

I want to

mknod /dev/random 1 9

to replace the slow random, I think the current entropy is randomly enough, if urandom is based on the same entropy, and all succeed random numbers are generated based on that entropy, I don't think there'll be any vulnerable.

Best Answer

At the end of the day, what urandom gives you may well be implementation-specific, but the man page says that it will use the available entropy if it's there, and only fall back to the PRNG when it runs out of entropy. So if you have enough entropy, you should get as good a result as if you'd used random instead.

But, and this is a big but: You have to assume you're getting a purely pseudo-generated value with no genuine entropy at all, because the entropy pool may be empty. Therefore, you have to treat urandom as a PRNG, even though it may do better than that in any given situation. Whether it does is not deterministic (within the confines of your code) and you have to expect that the worst case will apply. After all, if you were sure there's enough entropy in the pool, you'd use random, right? So the act of using urandom means you're okay with a PRNG, and that means a potentially, theoretically crackable result.

Related Solutions

Linux – How to point /dev/random to /dev/urandom

All you need to do is to create something like /etc/udev/rules.d/70-disable-random-entropy-estimation.rules with the following contents:

# /etc/udev/rules.d/70-disable-random-entropy-estimation.rules
# Disables /dev/random entropy estimation (it's mostly snake oil anyway).
#
# udevd will warn that the kernel-provided name 'random' and NAME= 'eerandom'
# disagree.  You can ignore this warning.

# Use /dev/eerandom instead of /dev/random for the entropy-estimating RNG.
KERNEL=="random", NAME="eerandom"

# Remove any existing /dev/random, then create symlink /dev/random pointing to
# /dev/urandom
KERNEL=="urandom", PROGRAM+="/bin/rm -f /dev/random", SYMLINK+="random"

Linux – Is reading from /proc/sys/kernel/random/entropy_avail draining entropy

Main point here is that creating a process will consume some amount of entropy.

As stated in comments in the blog post Entropy Broken entropy is needed at least for randomization of the address space layout.

cat is a process, thus running watch cat ... will be consuming entropy constantly. Obviously, when you kill watch your system is restoring entropy to the usual level.

Best Answer

Related Solutions

Linux – How to point /dev/random to /dev/urandom

Linux – Is reading from /proc/sys/kernel/random/entropy_avail draining entropy

Related Question