From ArchWiki


Note: the last paragraph mentions `rngtest` as a way to test the quality of the random generator. However, testing `/dev/urandom` also returns ~1000 successes and no failures, so this doesn't really show the strength of the hardware generator compared to the much faster urandom (which I assume produces "less random" results)...

EDIT: Well, maybe urandom isn't that bad

--Gyscos (talk) 04:20, 11 June 2017 (UTC)

Warning regarding /dev/urandom

Regarding this warning:

Warning: Some tutorials available on the Internet recommend the following line for systems without TRNG: `RNGD_OPTS="-o /dev/random -r /dev/urandom"`. Of course, this is a really bad idea, since you are simply filling the kernel entropy pool with entropy coming from the kernel itself! If your system does not have an available TRNG consider using haveged instead. See FS#34580 for details.

This seems less true now. The entropy source for /dev/urandom was rewritten in kernel 4.8 to use chacha20: written by DJ Bernstein:

In cursory testing on a variety of kernels (Ubuntu, kernel = 4.4, with hwbacked rng and Fedora, kernel 4.11 without hwrng) and systems using dieharder, a current kernel's /dev/urandom will perform roughly as well as a tpm/hwrng backed /dev/random. That cannot be said for a haveged backed /dev/random. This likely needs to be revisited.

As a note of comparison, /dev/urandom from kernel < 4.8 fails every test in the dieharder suite (tested on CentOS 7, kernel=3.10).

This addition was removed due to lack of citation; the citations are here. The above Wikipedia article discusses the cryptographic security of the underlying algorithm.

—This unsigned comment is by Osteichthyes (talk) 23:02, 29 June 2017. Please sign your posts with ~~~~!

What reference justifies the use of rngd -r /dev/urandom? As far as I'm aware, this does not depend on any underlying algorithm, but the overall structure of random number generation in the kernel, discussed in this article (linked from the warning in question). AFAIK, it hasn't changed for a long time. -- Lahwaacz (talk) 20:05, 30 June 2017 (UTC)