[fpc-pascal] quality of FPC random
David W Noon
david.w.noon at googlemail.com
Fri Aug 21 00:44:46 CEST 2015
On Thu, 20 Aug 2015 22:50:05 +0200, Klaus Hartnegg (<hartnegg at gmx.de>)
wrote about "Re: [fpc-pascal] quality of FPC random" (in
<55D63D7D.6040304 at gmx.de>):
> On 14.08.2015 at 15:38, Xiangrong Fang wrote:
>> I need to generate random numbers to be used as the IV of block
>> ciphers. My question is: is the FPC built-in PRNG good enough
>> compared to /dev/urandom?
>
> NO!!! For crypto always use /dev/urandom
>
>> On the other hand, /dev/urandom in my impression is fairly slow;
>> how does the speed of Random() compare to that?
>
> Speed is irrelevant, because you do not need many truly random
> numbers for crypto. For crypto always use /dev/urandom
man 4 random
The /dev/urandom device can resort to a PRNG and can, therefore, be
attacked when used for crypto. Consequently, /dev/urandom is *not*
universally suitable for cryptographic purposes.
In contrast, /dev/random is based on the system entropy pool. Its
numbers are genuinely random. The downside is that if the entropy
pool runs low on bytes, read requests will block until the pool is
refilled.
On this machine, I have a hardware random number generator on the bus
control chipset and a daemon process that uses the hardware to top up
the entropy pool when it gets low. I highly recommend such a set-up.
Failing that, you can use the HAVEGE daemon (Google is your friend)
to top up the entropy pool from other sources, if you don't have a
hardware RNG.
--
Regards,
Dave [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
david.w.noon at googlemail.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
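The following is an added Free Pascal example illustrating the thread's advice; it is not code from the original posts or from the FPC project. It fills a 16-byte block-cipher IV by reading from the kernel device instead of calling Random(), handles short reads and EINTR so a partially filled buffer is never reported as success, and keeps a Random()-based version only for contrast. The function names (ReadDevice, ToHex, FillWithRandom), the 16-byte IV size and the assumption of a Unix-like system with /dev/urandom are mine; the device path is a parameter so '/dev/random' can be substituted if you want the blocking behaviour Dave describes.

```pascal
program IVFromUrandom;
{$mode objfpc}{$H+}
{ Added example, not from the thread or the FPC project: fill a
  block-cipher IV from a kernel random device with exact-length reads
  and EINTR handling. Assumes a Unix-like system with /dev/urandom. }

uses
  SysUtils, UnixType, BaseUnix;

type
  TIV = array[0..15] of Byte;   { 128-bit IV, e.g. for AES in CBC mode }

{ Read exactly Count bytes from the device at Path into Buf.
  Returns False on open/read failure or unexpected EOF; a partially
  filled buffer is never reported as success. }
function ReadDevice(const Path: String; var Buf; Count: TSize): Boolean;
var
  fd: cint;
  p: PByte;
  got: TSsize;
begin
  Result := False;
  fd := FpOpen(Path, O_RDONLY);
  if fd < 0 then Exit;
  try
    p := @Buf;
    while Count > 0 do
    begin
      got := FpRead(fd, p^, Count);
      if got < 0 then
      begin
        if fpgeterrno = ESysEINTR then Continue;  { interrupted by a signal: retry }
        Exit;                                     { real I/O error }
      end;
      if got = 0 then Exit;                       { unexpected EOF }
      Inc(p, got);
      Dec(Count, TSize(got));
    end;
    Result := True;
  finally
    FpClose(fd);
  end;
end;

{ Hex-encode a byte buffer for display. }
function ToHex(const Buf: array of Byte): String;
var
  i: Integer;
begin
  Result := '';
  for i := Low(Buf) to High(Buf) do
    Result := Result + IntToHex(Buf[i], 2);
end;

{ The approach the question asked about, kept only for contrast: do not
  use this for IVs or keys. FPC's Random() is a Mersenne Twister, a
  statistical PRNG whose internal state can be recovered from its
  output, and Randomize seeds it with a 32-bit RandSeed derived from
  the clock. }
procedure FillWithRandom(var IV: TIV);
var
  i: Integer;
begin
  Randomize;
  for i := Low(IV) to High(IV) do
    IV[i] := Random(256);
end;

var
  iv: TIV;
begin
  if not ReadDevice('/dev/urandom', iv, SizeOf(iv)) then
  begin
    WriteLn(StdErr, 'failed to read /dev/urandom');
    Halt(1);
  end;
  WriteLn('urandom IV:  ', ToHex(iv));

  FillWithRandom(iv);
  WriteLn('Random() IV (predictable, for contrast): ', ToHex(iv));
end.
```

The loop matters more than it looks: read(2) on a device may return fewer bytes than requested or fail with EINTR, and an IV that is only partly filled with random bytes silently weakens the cipher mode, so the function refuses to return True unless every byte was written.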