[Esapi-user] ESAPI Random Number Generation Broken
Kevin W. Wall
kevin.w.wall at gmail.com
Wed Jun 25 23:25:51 UTC 2014
On Wed, Jun 25, 2014 at 6:56 PM, Jim Manico <jim.manico at owasp.org> wrote:
> The rabbit hole here is •very• deep.
> I encourage you to read the following from Thomas Ptacek.
Here's my TL;DR version...
Ideally, reading from /dev/urandom would be better than using SecureRandom, BUT
1) Not as convenient
2) Definitely not as portable
You could of course write your own portable wrapper, but that's what is *intended* to be. Early versions were an epic failure (wrt the
Secondly, Ptacek says there's no difference between /dev/urandom and
For all practical purposes, that is true with the exception of shortly after system boot times. /dev/random blocks if you ask it for N bytes and it has not entropy from the system; /dev/urandom will not block but simply say, okay, here's the best I've got. But that is a VERY important difference!!! Why? Because when do all those processes request most of the random values? Right; shortly after boot from the various processes started from the 'rc' scripts (/etc/init.d). So by not blocking, someone is going to end up with random values that are more likely to be predictable.
If someone wants to jump onto a G+ hangout or Skype session or whatever, I'm willing to talk about this...assuming that I get a chance to talk and am not interrupted. I'm available for the next 45 minutes. (It's now 7:23pm EDT.)
P.S.- This was my 'tl;dr' version. Now you know why I don't Tweet, right? :)
NSA: All your crypto bit are belong to us.
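The early-boot gap described in the message above can be checked for explicitly. The following is an added example, not part of the original message or of ESAPI: it assumes Linux with Python 3.6+, and the function names (`pool_initialized`, `wait_for_seed`, `boot_safe_random_bytes`) are hypothetical. It asks the kernel whether its pool has been seeded before drawing non-blocking bytes.

```python
import os
import select

def pool_initialized():
    """True/False if the kernel CSPRNG is seeded; None if it cannot be determined."""
    if not hasattr(os, "getrandom"):       # non-Linux or old Python
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # never blocks
        return True
    except BlockingIOError:                # EAGAIN: pool not yet seeded
        return False
    except OSError:                        # e.g. ENOSYS on kernels before 3.17
        return None

def wait_for_seed(timeout=None):
    """Wait until the kernel pool is seeded. Returns False on timeout."""
    state = pool_initialized()
    if state is True:
        return True
    if state is False and timeout is None:
        os.getrandom(1)                    # blocks only until initial seeding
        return True
    # Fallback or bounded wait: /dev/random polls readable once entropy exists.
    fd = os.open("/dev/random", os.O_RDONLY)
    try:
        readable, _, _ = select.select([fd], [], [], timeout)
        return bool(readable)
    finally:
        os.close(fd)

def boot_safe_random_bytes(n, timeout=None):
    """Return n bytes from the urandom pool, refusing to run on an unseeded pool."""
    if not wait_for_seed(timeout):
        raise RuntimeError("kernel entropy pool not seeded yet")
    return os.urandom(n)

if __name__ == "__main__":
    print("pool seeded:", pool_initialized())
    print(boot_safe_random_bytes(16, timeout=5).hex())
```

A service started from an init script could call `wait_for_seed()` once before generating keys or session identifiers, and log when it had to wait.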