How random is urandom?
https://stackoverflow.com/questions/1868964
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
In Linux, just how random is /dev/urandom/? Is it considered safe?
Also is it possible to get a stream of 1's?
Solution
Note 4.5 years later: this is bad advice. See one of these links for details.
If you're generating cryptographic keys on Linux, you want /dev/random, even if it blocks-- you don't need that many bits.
For just about anything else, like generating random test data or unpredictable session IDs, /dev/urandom is fine. There are enough sources of entropy in most systems (timing of keyboard and mouse events, network packets, etc) that the output will be unpredictable.
OTHER TIPS
Please check the man page:
Yarrow is a fairly resilient algorithm, and is believed to be resistant
to non-root. The quality of its output is however dependent on regular
addition of appropriate entropy. If the SecurityServer system daemon
fails for any reason, output quality will suffer over time without any
explicit indication from the random device itself.
Paranoid programmers can counteract this risk somewhat by collecting
entropy of their choice (e.g. from keystroke or mouse timings) and seed-
ing it into random directly before obtaining important random numbers.
use /dev/urandom, its cryptographically secure.
good read: http://www.2uo.de/myths-about-urandom/
"If you are unsure about whether you should use /dev/random or /dev/urandom, then probably you want to use the latter."
When in doubt in early boot, wether you have enough entropy gathered. use the system call getrandom() instead. [1]
Its best of both worlds, it blocks until (only once!) enough entropy is gathered, after that it will never block again.
