Entropy

Sven Mueller debian at incase.de
Tue Oct 24 18:13:06 UTC 2006


Fabian Fagerholm wrote on 24/10/2006 20:05:
> There was a thread on the upstream mailing list a few weeks or so ago
> that reminded me of the /dev/random vs. /dev/urandom issue.
> 
> To sum it up: /dev/random will block if your apps eat too much entropy.
> SASL uses entropy for many things, so it will block if /dev/random
> blocks. /dev/urandom doesn't block. The general advice seems to be
> that /dev/urandom is fine for most tasks, even though the urandom man
> page states that its numbers are cryptographically weaker
> than /dev/random's. How much weaker is a matter of debate, and it has
> been suggested that the difference is irrelevant in practice.

/dev/urandom is only weaker than /dev/random in the case where /dev/random
would block IIRC.

> In Cyrus SASL, this choice is a build-time option.[...]
> Should we use /dev/urandom for our package?

I would go for /dev/urandom. There are too many services which depend on
sasl to accept that it blocks due to missing entropy.

cu,
Sven
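
Added example (not part of the original message and not Cyrus SASL code): a C sketch of reading key material from either device without letting a blocking pool hang the calling service. The helper name fill_random and its timeout parameter are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes from an entropy device.
 * The device is opened non-blocking; if it has nothing to give, we wait
 * at most timeout_ms per attempt, so a drained pool becomes an error the
 * caller can handle. Returns 0 on success, -1 on error or timeout. */
int fill_random(const char *dev, unsigned char *buf, size_t len, int timeout_ms)
{
    int fd = open(dev, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;            /* short reads are normal */
        } else if (n < 0 && errno == EINTR) {
            continue;                    /* interrupted by a signal: retry */
        } else if (n < 0 && errno == EAGAIN) {
            struct pollfd p = { .fd = fd, .events = POLLIN };
            if (poll(&p, 1, timeout_ms) <= 0)
                break;                   /* timed out or poll failed */
        } else {
            break;                       /* EOF or hard error */
        }
    }
    close(fd);
    return got == len ? 0 : -1;
}

int main(void)
{
    unsigned char key[16];
    const char *dev = "/dev/urandom";    /* the device preferred in the thread */
    if (fill_random(dev, key, sizeof key, 2000) != 0) {
        fprintf(stderr, "%s: no random bytes within timeout\n", dev);
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Passing "/dev/random" as dev exercises the same code path against the blocking device; the caller then sees -1 instead of stalling when no entropy arrives within the timeout.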