Hardware Random Number Generator Useful (foo.be)
2 points by bootload on July 17, 2008 | 1 comment

The idea presented in this article that /dev/urandom output is predictable is completely wrong. It is simply not secure from an information theoretic perspective: if an attacker had some amount of previous /dev/urandom data, and no new entropy was introduced into the pool, they could derive future output. However it is still cryptographically strong/computationally strong: actually doing this seems to require knowing how to invert SHA-1, which is apparently a difficult problem (I believe the best anyone has done is to invert 2 of the 3 rounds of MD4, which is a much weaker hash).

For much the same reason, RSA is not information-theoretically secure (if you have the public key, you have all the information you need to get the private key: you 'just' factor the modulus). That does not mean it is insecure, it just means you must make sure that the computational effort required is greater than the expected maximum computational effort anyone might expend (or, preferably, the maximum computational effort that might be feasible within your security lifetime).
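The distinction the comment draws can be shown with a toy pool-based generator. This is an added illustration, not the comment's code and not the Linux kernel's /dev/urandom implementation; the pool construction (`H("out" || state)` for output, feedback into the state, `add_entropy` for mixing) and the seed and entropy strings are all constructed here. It shows both halves of the argument: a copy of the pool state reproduces future output exactly until fresh entropy is mixed in, after which the copy diverges.

```python
import hashlib


class ToyPoolRng:
    """Toy hash-based pool generator (constructed model, not kernel code).
    output block = SHA1("out" || state); then state <- SHA1("fb" || state || block).
    Recovering the state from an output block alone would mean inverting SHA-1."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha1(seed).digest()

    @classmethod
    def from_state(cls, state: bytes) -> "ToyPoolRng":
        # Anyone holding a snapshot of the pool state can build a twin generator.
        rng = cls.__new__(cls)
        rng.state = state
        return rng

    def add_entropy(self, fresh: bytes) -> None:
        # Mixing in fresh input is what separates the real pool from a twin
        # built from an old snapshot; without it the two stay in lock-step.
        self.state = hashlib.sha1(b"mix" + self.state + fresh).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = hashlib.sha1(b"out" + self.state).digest()
            # Feed the block back so every later block depends on this one.
            self.state = hashlib.sha1(b"fb" + self.state + block).digest()
            out += block
        return out[:n]


def demonstrate(seed: bytes, fresh_entropy: bytes) -> dict:
    """Returns two facts about the toy generator (both True on any input):
    - with the pool state and no reseed, future output is fully determined;
    - once fresh entropy is mixed in, a twin from the old state diverges."""
    rng = ToyPoolRng(seed)
    snapshot = rng.state                 # the state a twin would start from
    first = rng.read(40)
    twin = ToyPoolRng.from_state(snapshot)
    replay_matches = twin.read(40) == first
    rng.add_entropy(fresh_entropy)       # new entropy enters the real pool only
    after_reseed = rng.read(40)
    reseed_breaks_replay = twin.read(40) != after_reseed
    return {"replay_matches": replay_matches,
            "reseed_breaks_replay": reseed_breaks_replay}


if __name__ == "__main__":
    print(demonstrate(b"constructed seed", b"constructed fresh entropy"))
```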

