[PYTHON-CRYPTO] /dev/random vs. /dev/urandom

Bram Cohen bram at GAWTH.COM
Tue Jun 11 18:26:04 CEST 2002


Mark McEahern wrote:

> Apparently, the practical effect is that sometimes using /dev/random takes
> longer, but no one has demonstrated an attack against /dev/urandom.

There are possible attacks on /dev/urandom if there's no source of entropy
on the machine at all - in that case /dev/random will instead block
forever, while /dev/urandom will return predictable data. (like, if you
reboot the machine it will return the same stuff the second time.)

The core of /dev/urandom really should be better - it's not as secure as
it should be against some theoretical attacks, and it should use AES for
performance reasons, but it's basically sound.

Why, then, doesn't /dev/random block until it's got a sufficient initial
seed, and then return data immediately? Paranoid security wankery. That's
the only way to put it. There is no security justification.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
                                        -- John Maynard Keynes
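An added example, not part of Bram's message or of any project discussed here: the early-boot case he describes (no entropy yet, so /dev/urandom hands back predictable bytes while /dev/random blocks) is exactly what a caller wants to detect. On Linux, getrandom(2) exposes both behaviours: with GRND_NONBLOCK it fails with EAGAIN while the kernel pool is still uninitialised, and with flags=0 it blocks only until the pool is seeded and then returns immediately, which is the "block for the initial seed, then never again" semantics asked for above. The helper names (`pool_is_seeded`, `secure_random_bytes`) are my own, and treating a non-Linux host as already seeded is an assumption made so the code runs anywhere.

```python
import os


def pool_is_seeded() -> bool:
    """Report whether the kernel CSPRNG considers itself seeded.

    On Linux, os.getrandom(..., os.GRND_NONBLOCK) raises BlockingIOError
    (EAGAIN) while the pool is still uninitialised, i.e. the early-boot
    window in which /dev/urandom would return predictable data.
    Platforms without getrandom() are assumed to be seeded (assumption:
    we have no portable way to ask, so we trust os.urandom there).
    """
    if not hasattr(os, "getrandom"):
        return True
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def secure_random_bytes(n: int) -> bytes:
    """Return n bytes from the OS CSPRNG, never from an unseeded pool.

    With flags=0, getrandom() blocks only until the pool has been seeded
    once and then returns immediately for the lifetime of the boot; it
    never blocks because "entropy ran out" the way /dev/random historically
    did. The loop handles the short reads getrandom() may return when
    interrupted by a signal.
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    if not hasattr(os, "getrandom"):
        # Assumption: on non-Linux hosts os.urandom() is the only portable
        # CSPRNG interface, and we take it to be seeded.
        return os.urandom(n)
    buf = bytearray()
    while len(buf) < n:
        buf += os.getrandom(n - len(buf))
    return bytes(buf)


def draws_differ(n: int = 16) -> bool:
    """Sanity check against the 'same stuff the second time' failure mode:
    two independent draws from a seeded CSPRNG must not coincide.
    (A collision of 16 random bytes is astronomically unlikely.)"""
    return secure_random_bytes(n) != secure_random_bytes(n)


if __name__ == "__main__":
    print("pool seeded:", pool_is_seeded())
    print("32 random bytes:", secure_random_bytes(32).hex())
    print("two draws differ:", draws_differ())
```

On a kernel that has booted far enough to seed its pool, `pool_is_seeded()` is True and `secure_random_bytes()` returns at once; in an early-boot or freshly-cloned-VM setting it reports False and a caller can choose to wait (call `secure_random_bytes`, which blocks until seeding) rather than silently consuming predictable output.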
