Entropy

Henrique de Moraes Holschuh hmh at debian.org
Wed Oct 25 00:46:27 UTC 2006


On Tue, 24 Oct 2006, Sven Mueller wrote:
> Fabian Fagerholm wrote on 24/10/2006 20:05:
> > There was a thread on the upstream mailing list a few weeks or so ago
> > that reminded me of the /dev/random vs. /dev/urandom issue.
> > 
> > To sum it up: /dev/random will block if your apps eat too much entropy.
> > SASL uses entropy for many things, so it will block if /dev/random
> > blocks. /dev/urandom doesn't block. The general advice seems to be
> > that /dev/urandom is fine for most tasks, even though the urandom man
> > page states that its numbers are cryptographically weaker
> > than /dev/random's. How much weaker is a matter of debate, and it has
> > been suggested that the difference is irrelevant in practice.
> 
> /dev/urandom is only weaker than /dev/random in the case where /dev/random
> would block IIRC.

And SASL does not generate any permanent key material, so it is not in the
"must use /dev/random" class of applications.

> > In Cyrus SASL, this choice is a build-time option.[...]
> > Should we use /dev/urandom for our package?
> 
> I would go for /dev/urandom. There are too many services which depend on
> sasl to accept that it blocks due to missing entropy.

Agreed.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
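
The blocking behaviour discussed in this thread can be observed with a non-blocking read, shown here as an added example that is not part of the original message and not Cyrus SASL code. The helper name read_random_nonblock and the 32-byte nonce size are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read exactly n bytes from a kernel random device without ever sleeping.
 * Returns 0 on success, -1 on failure with errno set. errno == EAGAIN
 * means the device had nothing to give right now, i.e. a plain blocking
 * read() would have stalled the caller. */
int read_random_nonblock(const char *path, unsigned char *buf, size_t n)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r > 0) {
            got += (size_t)r;          /* short reads are normal; keep going */
        } else if (r < 0 && errno == EINTR) {
            continue;                  /* interrupted by a signal; retry */
        } else {
            int saved = (r == 0) ? EIO : errno;   /* EOF is unexpected here */
            close(fd);
            errno = saved;
            return -1;
        }
    }
    close(fd);
    return 0;
}

int main(void)
{
    const char *devices[] = { "/dev/random", "/dev/urandom" };
    unsigned char nonce[32];           /* session-sized, not a long-term key */

    for (size_t i = 0; i < 2; i++) {
        if (read_random_nonblock(devices[i], nonce, sizeof nonce) == 0)
            printf("%-13s delivered %zu bytes immediately\n", devices[i], sizeof nonce);
        else
            printf("%-13s failed: %s\n", devices[i], strerror(errno));
    }
    return 0;
}
```

On Linux 5.6 and later /dev/random blocks only until the pool is first seeded, so the EAGAIN path shows up mainly on older kernels or very early in boot.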



More information about the Pkg-cyrus-sasl2-debian-devel mailing list