Did I understand /dev/urandom?


Question

I have been reading about /dev/urandom, and as far as I can tell, /dev/random creates cryptographically random numbers by taking advantage of several events like network packet timings, etc. However, did I understand right that /dev/urandom uses a PRNG, seeded with a number from /dev/random? Or does it just use /dev/random as long as there are bits -- and when they run out it falls back to some PRNG with a seed gathered from where?

Answer

From the urandom man page:

The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.

When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool. /dev/random should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered.

A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use /dev/random instead.

Both use a PRNG, though using environmental data and an entropy pool makes it astronomically more difficult to crack the PRNG, and impossible without also gathering the exact same environmental data.

As a rule of thumb, without specialized expensive hardware that gathers data from, say, quantum events, there is no such thing as a true random number generator (i.e. an RNG that generates truly unpredictable numbers); though for cryptographic purposes, /dev/random or /dev/urandom will suffice (the method used is that of a CPRNG, a cryptographic pseudo-random number generator).

The entropy pool and blocking read of /dev/random are used as a safeguard to ensure the impossibility of predicting the random number; if, for example, an attacker exhausted the entropy pool of a system, it is possible, though highly unlikely with today's technology, that he could predict the output of /dev/urandom if it hasn't been reseeded for a long time (though doing that would also require the attacker to exhaust the system's ability to collect more entropy, which is also astronomically improbable).
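The following Python is an added example, not part of the original question or answer, and not the Linux kernel's own algorithm. It makes the answer's model concrete: a deterministic generator whose output is fully predictable once its seed is known, which is exactly why the seed must come from an entropy pool an attacker cannot observe, and why reseeding from the pool restores unpredictability. The generator loosely follows the structure of NIST SP 800-90A HMAC_DRBG with SHA-256 (constructed here without reseed counters, personalization strings or health tests); `os.urandom()` stands in for "reading the pool", and the path `/proc/sys/kernel/random/entropy_avail` is the Linux interface for the kernel's entropy estimate mentioned in the man page (it does not exist on other operating systems, so the reader handles its absence).

```python
"""Toy DRBG seeded from the OS entropy pool, to illustrate the answer's
"PRNG seeded from the entropy pool" model. Constructed example; the
construction loosely follows NIST SP 800-90A HMAC_DRBG (SHA-256) minus
reseed counters, personalization strings and health tests."""
import hashlib
import hmac
import os
from typing import Optional

# Linux-only interface exposing the kernel's entropy estimate in bits
# (the quantity the man page says blocking /dev/random reads are gated on).
ENTROPY_AVAIL_PATH = "/proc/sys/kernel/random/entropy_avail"


def kernel_entropy_estimate() -> Optional[int]:
    """Return the kernel's entropy estimate in bits, or None if unavailable."""
    try:
        with open(ENTROPY_AVAIL_PATH) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


class HmacDrbg:
    """Deterministic generator: the same seed always yields the same stream."""

    def __init__(self, seed: bytes) -> None:
        self.key = b"\x00" * 32
        self.value = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes = b"") -> None:
        # HMAC_DRBG "Update" step: fold provided data into the internal state.
        self.key = hmac.new(self.key, self.value + b"\x00" + data, hashlib.sha256).digest()
        self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()
        if data:
            self.key = hmac.new(self.key, self.value + b"\x01" + data, hashlib.sha256).digest()
            self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()

    def reseed(self, fresh_entropy: bytes) -> None:
        """Mix new entropy into the state; this is what reseeding from the pool means."""
        self._update(fresh_entropy)

    def generate(self, n: int) -> bytes:
        """Produce n pseudorandom bytes, then advance the state so the
        returned bytes cannot be regenerated from the new state."""
        out = bytearray()
        while len(out) < n:
            self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()
            out += self.value
        self._update()
        return bytes(out[:n])


def pool_seeded_drbg() -> HmacDrbg:
    """Analogue of /dev/urandom: a DRBG seeded from the OS entropy source.
    os.urandom() is the portable user-space way to read that source."""
    return HmacDrbg(os.urandom(32))


def same_seed_same_output(seed: bytes, n: int = 32) -> bool:
    """True: with a known seed the output is fully predictable, which is why
    the seed must be drawn from entropy an attacker cannot observe."""
    return HmacDrbg(seed).generate(n) == HmacDrbg(seed).generate(n)


def reseed_diverges(seed: bytes, n: int = 32) -> bool:
    """True: once an instance is reseeded with fresh pool entropy, knowledge
    of the old seed no longer predicts its output."""
    stale, fresh = HmacDrbg(seed), HmacDrbg(seed)
    fresh.reseed(os.urandom(32))
    return stale.generate(n) != fresh.generate(n)


if __name__ == "__main__":
    print("kernel entropy estimate (bits):", kernel_entropy_estimate())
    print("same seed -> same output:", same_seed_same_output(b"constructed demo seed"))
    print("reseed diverges:", reseed_diverges(b"constructed demo seed"))
    print("32 bytes from pool-seeded DRBG:", pool_seeded_drbg().generate(32).hex())
```

The two boolean checks are the whole point: `same_seed_same_output` shows the predictability the answer warns about when the pool is exhausted and never refilled, and `reseed_diverges` shows why continuous reseeding from environmental noise makes that attack impractical. An application should not implement a generator like this itself; it should read `os.urandom()` or the `secrets` module, which defer to the kernel's pool-seeded CPRNG.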

