Difference between revisions of "Talk:Random number generation"

From ArchWiki
Jump to: navigation, search
(import old conversation - on the bashing of /dev/urandom from Talk:Dm-crypt_with_LUKS)
 
m (references for an update: update paper link, I pasted the wrong link earlier)
 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== on the bashing of /dev/urandom ==
+
== random vs urandom in this page ==
{{Note|This section was moved from [[Talk:Dm-crypt_with_LUKS]].}}
 
  
I don't take an opinion on whether old overwritten data can be read.
+
Looking at the discussion under [[Talk:Dm-crypt/Device encryption#Encryption options for LUKS mode example]], and notably [http://www.2uo.de/myths-about-urandom/ Myths about /dev/urandom], I believe the warning in this page (about not using urandom for long-term cryptographic keys) should be lessened and expanded: when random is absolutely necessary, and why urandom is enough for the most use-cases, even for master keys.
 +
I think it should go beyond the three unexplained links Indigo added at the end of the sentence, but I'd like to wait for wiki maintainers' opinion, as the nuances in this page could be critical for users. <span style="color:red">— [[User:Dinghy|Dinghy]] ([[User_talk:Dinghy|Talk]])</span> 01:24, 11 December 2015 (UTC)
  
However, there is an unrelated reason to fill a LUKS partition from {{ic|/dev/urandom}} before LUKS-initializing it (and after checking for bad blocks if you wanted to do that).
+
:I'd be in favor of at least adding external references to the Warning, can you post a draft of how you'd reword it? — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 06:27, 12 December 2015 (UTC)
  
It makes it harder for people trying to read your disk and find out what's on it. If you filled it with zeroes, for example, then they would be able to tell which portions of the partition had been written to since you initialized it.
+
::I agree the links should be prepended with another sentence. They mainly cater for alternating opinions to let the reader make up own mind. The warning may also be softened or phrased more relative at least. A suitable reference to use in it may be [[w:RdRand#Reception]]. Yet, situation has changed in many aspects (e.g. more widespread application usage for random seeds, more virtual machines of different sorts, kernel changes at the same time) since the warning was added. Happy if someone can suggest an alternate wording for that. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 12:23, 1 March 2017 (UTC)
  
compare gentoo docs, http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Filling_the_disk_with_random_data --[[User:Idupree|Idupree]] 22:45, 3 March 2010 (EST)
+
== references for an update ==
 
+
Re above talk, I'd like to also add a little to the urandom section to account for kernel 4.8 changes.
:Agreed, {{ic|/dev/urandom}} should be used to clear partitions, at least as default in the examples. If anyone wants to zero the partitions instead of using random data, they are free to do so. --[[User:Montschok|Montschok]] 20:53, 11 August 2010 (EDT)
+
Leaving the references here I'd like to work in sometime soon, if noone is faster:
 +
:* [https://lkml.org/lkml/2016/7/25/43 kernel 4.8 changes], in particular [http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e192be9d9a30555aae2ca1dc3aad37cba484cd4a]
 +
:* [http://www.chronox.de/lrng/doc/lrng.pdf urandom update paper] (likely a see also)
 +
:* [http://www.chronox.de/crypto-API/index.html Kernel crypto doc] see also
 +
Also, without wanting to make the article a programming reference, the more widely pushed getent() should perhaps get a further mention.  
 +
--[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 12:23, 1 March 2017 (UTC)

Latest revision as of 17:11, 1 March 2017

random vs urandom in this page

Looking at the discussion under Talk:Dm-crypt/Device encryption#Encryption options for LUKS mode example, and notably Myths about /dev/urandom, I believe the warning in this page (about not using urandom for long-term cryptographic keys) should be lessened and expanded: when random is absolutely necessary, and why urandom is enough for the most use-cases, even for master keys. I think it should go beyond the three unexplained links Indigo added at the end of the sentence, but I'd like to wait for wiki maintainers' opinion, as the nuances in this page could be critical for users. Dinghy (Talk) 01:24, 11 December 2015 (UTC)

I'd be in favor of at least adding external references to the Warning, can you post a draft of how you'd reword it? — Kynikos (talk) 06:27, 12 December 2015 (UTC)
I agree the links should be prepended with another sentence. They mainly cater for alternating opinions to let the reader make up own mind. The warning may also be softened or phrased more relative at least. A suitable reference to use in it may be w:RdRand#Reception. Yet, situation has changed in many aspects (e.g. more widespread application usage for random seeds, more virtual machines of different sorts, kernel changes at the same time) since the warning was added. Happy if someone can suggest an alternate wording for that. --Indigo (talk) 12:23, 1 March 2017 (UTC)

references for an update

Re above talk, I'd like to also add a little to the urandom section to account for kernel 4.8 changes. Leaving the references here I'd like to work in sometime soon, if noone is faster:

Also, without wanting to make the article a programming reference, the more widely pushed getent() should perhaps get a further mention. --Indigo (talk) 12:23, 1 March 2017 (UTC)