Forum: Ruby-core SecureRandom should try /dev/urandom first

unknown (Guest)
on 2014-02-26 22:54
(Received via mailing list)
Issue #9569 has been updated by Corey Csuhta.


The `random(4)` manpage on Linux isn't accurate in this regard. You
**can** use it as more than just a seed source, and you can use it as
frequently as you want.

On modern Linux, both `/dev/random` and `/dev/urandom` are
[CSPRNG](http://en.wikipedia.org/wiki/Cryptographically_sec...,
and can be used safely (after system boot, see references). The only
difference is that `/dev/random` attempts to keep some kind of measure
of its available entropy, and will sometimes block if it feels
unsatisfied about that. On FreeBSD, Unix, and OS X, there is no
difference between `/dev/random` and `/dev/urandom` anymore, and the
manpages on OS X at least don't include this "rate-limit" hokum about
`/dev/urandom`.

Two additional points:

OpenSSL seeds itself from `/dev/urandom` as you stated, but you could
run a lot of OpenSSL processes on your system at one time and none of
them would complain that your `/dev/urandom` is not currently to be
trusted because you used it too much.

`SecureRandom` in Ruby will use `/dev/urandom` if OpenSSL is not
available, based on the code snippet I linked in the original post. This
is contrary to your statement that `/dev/urandom` is not safe for
cookies or frequent access. As currently implemented, `SecureRandom`
**will** access `/dev/urandom` frequently if OpenSSL is not available.

References:
http://blog.cr.yp.to/20140205-entropy.html
http://sockpuppet.org/blog/2014/02/25/safely-gener...
https://developer.apple.com/library/mac/documentat...
http://security.stackexchange.com/questions/3936/i...
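
As an added illustration of the behaviour the post describes (this is example code written for this page, not code from the Ruby issue or from Ruby's `securerandom.rb`), the following reads `/dev/urandom` directly the way the non-OpenSSL fallback path does, handles short reads, and times a burst of back-to-back reads so a reader can see that the device does not block or "run out" under frequent access. It assumes a Linux-like system where `/dev/urandom` exists; the names `urandom_bytes`, `urandom_hex` and `urandom_burst` are hypothetical helpers, not Ruby APIs.

```ruby
# Added example for this thread (not from the Ruby issue or stdlib):
# a minimal /dev/urandom-backed token generator in the spirit of the
# fallback SecureRandom takes when OpenSSL is unavailable. Assumes a
# Linux-like /dev/urandom. Helper names are hypothetical.
require 'securerandom'

URANDOM_PATH = '/dev/urandom'.freeze

# Read exactly +n+ bytes from /dev/urandom. read(n) on a character device
# may in principle return fewer bytes than requested, so loop until full.
def urandom_bytes(n)
  raise ArgumentError, 'n must be non-negative' if n < 0
  buf = String.new(encoding: Encoding::BINARY)
  File.open(URANDOM_PATH, 'rb') do |f|
    while buf.bytesize < n
      chunk = f.read(n - buf.bytesize)
      raise IOError, 'short read from /dev/urandom' if chunk.nil? || chunk.empty?
      buf << chunk
    end
  end
  buf
end

# Hex-encode +n+ random bytes; same shape as SecureRandom.hex(n).
def urandom_hex(n)
  urandom_bytes(n).unpack1('H*')
end

# Pull +count+ tokens back to back and report elapsed wall-clock time and
# how many tokens were distinct. A blocking source (a classic /dev/random
# under entropy pressure) would show up as a large elapsed time here;
# /dev/urandom does not block, however often it is read.
def urandom_burst(count, bytes_per_token = 16)
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  tokens = Array.new(count) { urandom_hex(bytes_per_token) }
  elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - started
  { count: count, distinct: tokens.uniq.size, elapsed_seconds: elapsed }
end

if $PROGRAM_NAME == __FILE__
  puts "SecureRandom.hex(16): #{SecureRandom.hex(16)}"
  puts "urandom_hex(16):      #{urandom_hex(16)}"
  p urandom_burst(10_000)
end
```

Run it as a script to compare a `SecureRandom.hex` token with one drawn straight from the device and to see how long ten thousand consecutive reads take; the point of the burst is the absence of any blocking, which is the behaviour the post contrasts with `/dev/random`.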


----------------------------------------
Feature #9569: SecureRandom should try /dev/urandom first
https://bugs.ruby-lang.org/issues/9569#change-45494

* Author: Corey Csuhta
* Status: Rejected
* Priority: Normal
* Assignee:
* Category: lib
* Target version: current: 2.2.0