

Applied Crypto Hardening [pdf] - SpaceInvader
https://bettercrypto.org/static/applied-crypto-hardening.pdf

======
tptacek
_On Linux there are two devices that return random bytes when read; the
/dev/random can block until sufficient entropy has been collected while
/dev/urandom will not block and return whatever (possibly insufficient)
entropy has been collected so far._

_Unfortunately most crypto implementations are using /dev/urandom and can
produce predictable random numbers if not enough entropy has been collected
[HDWH12]._

This is inaccurate, and implementations _should_ use urandom, to the exclusion
of all RNGs.

[http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/](http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/)

_A word of warning: One should get familiar with ECC, different curves and
parameters if one chooses to adopt ECC configurations. Since there is much
discussion on the security of ECC, flawed settings might very well compromise
the security of the entire system!_

This is equally true of RSA, perhaps more so. In 2015, your default selection
for asymmetric crypto should be ECC.

~~~
SpaceInvader
Yeah, I agree. /dev/random and its usage is a very important topic.

