[ale] what's the difference between

I was just dissecting the Wikipedia entry :-)

What I'm running into is a lack of entropy on a server causing a drained
condition in /dev/random. The random stuff is used when samhain IDS starts
up to create a one-time pad key. If it's not large enough it errors and
reuses an old one (?) or hits urandom (?). I can use a configure flag to
spec the random device (supports egd as well) but compiled with the default
/dev/random. Still in the "lab" on this one so may recompile and spec

On Fri, Dec 5, 2008 at 2:04 PM, Mike Fletcher <fletch at phydeaux.org> wrote:

> Jim Kinney wrote:
> > /dev/random and /dev/urandom?
> >
> > /dev/random is very slow and on a newly installed machine `cat
> > /dev/random` does little. Same machine `cat /dev/urandom` fills the
> > screen quickly.
> >
> Quoth http://en.wikipedia.org/wiki/Urandom
> A counterpart to /dev/random is /dev/urandom ("unlocked" random source)
> which reuses the internal pool to produce more pseudo-random bits. This
> means that the call will not block, but the output may contain less
> entropy than the corresponding read from /dev/random. The intent is to
> serve as a cryptographically secure pseudorandom number generator. This
> may be used for less secure applications.
> > Is there a way to "add entropy" to get /dev/random to fill quicker?
> Ibid says that privileged users can write to it and call an ioctl to
> change the entropy estimate, but if you're going to do that you probably
> might as well be using urandom (unless you're reading from your webcam
> watching your lava lamp collection, of course . . .)

James P. Kinney III
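
Added example (not part of the original thread, and not samhain's code): a small Python check for the drained /dev/random condition described above, on kernels where /dev/random blocks. It reads the kernel's entropy estimate and attempts a non-blocking read, so a short read shows the drain instead of a hang; the function names and the 32-byte request are assumptions for illustration.

```python
import os

# Linux kernel's running entropy estimate for the input pool, in bits.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's entropy estimate (bits) as an integer."""
    with open(path) as f:
        return int(f.read().strip())


def read_without_blocking(device, want):
    """Read up to `want` bytes from `device`, stopping as soon as it would block.

    With O_NONBLOCK a drained blocking device fails the read with EAGAIN
    (BlockingIOError) instead of stalling the caller.
    """
    fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    buf = b""
    try:
        while len(buf) < want:
            try:
                chunk = os.read(fd, want - len(buf))
            except BlockingIOError:
                break  # the device has nothing more to give right now
            if not chunk:
                break  # EOF (only happens on ordinary files or closed pipes)
            buf += chunk
    finally:
        os.close(fd)
    return buf


def pool_status(device="/dev/random", want=32):
    """Summarise whether `device` could supply `want` bytes without blocking.

    Keep `want` small: on a blocking /dev/random the bytes read here are
    themselves taken out of the pool.
    """
    got = len(read_without_blocking(device, want))
    return {"wanted": want, "got": got, "drained": got < want}


if __name__ == "__main__":
    print("entropy_avail (bits):", entropy_avail())
    print("/dev/random :", pool_status("/dev/random"))
    print("/dev/urandom:", pool_status("/dev/urandom"))
```

Running it just before and just after the IDS starts shows whether the startup key generation is what empties the pool.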