[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

/dev/random vs. /dev/urandom

/dev/random vs. /dev/urandom

1 Like

/dev/random blocking is only useful during early boot and causes performance problems otherwise. A good seed should provide an “infinite” amount of entropy so blocking during system operation is obsolete. Applications that use the RNG after boot are recommended to use urandom because it doesn’t block. jitter-entropy ensures a well seeded boot environment and stops slow boot and blocking. Crypto like ECC uses entropy from the kernel and not via /dev/random. Jitter acts as a safety net for all crypto operations.

1 Like

With the current config in Whonix / Kicksecure (haveged, jitterentropyrng user space daemon and kernel module), /dev/random has same performance as /dev/urandom?

yes

1 Like

So in case of Whonix / Kicksecure we can use /dev/random all the way.

Yes we can. What custom software are you thinking of?

1 Like
  • swap-file-creator
  • tirdad
  • bootclockrandomization
  • uwt time privacy
1 Like

Can chapter Viewpoint: /dev/random is obsolete be deleted? @HulaHoop

What facts are we endorsing if you remove it?

I think we should append what/why using it in Whonix the way we do, is better than a default distro?

1 Like

Viewpoint: better use /dev/random

Already done above on that page?

I think it is important to keep the entire thought process documented for completion. This gives important context for the conclusion with both sides considered.

1 Like

Makes sense.

Viewpoint: /dev/random is obsolete could be marked as obsolete and not kept as if this was still an equally valid position where nobody is really sure which one is right?

Let me know if it’s still contested but I guess Viewpoint: better use /dev/random is correct.

1 Like

Viewpoint: better use /dev/random

I feel in that case it should be compressed into a footnote and cited as obsolete in the writeup " Viewpoint: better use /dev/random". This way it won’t be considered equal or cause confusion.

Re-reading the argument for /dev/random I feel it only helps in a very limited corner case - programs wanting entropy from an empty entropy pool. It does nothing to protect in case of the pool having a garbage or malicious seed.

For the former, https://github.com/rfinnie/twuewand would help. I can open a ticket if you decide to package it down the line so the topic doesn’t get buried.

Edit by Patrick:

1 Like

2 posts were merged into an existing topic: Moar Entropy Sources

7 posts were merged into an existing topic: Moar Entropy Sources

2 posts were split to a new topic: twuewand - a truerand algorithm for generating entropy - Whonix integration

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]