将python SystemRandom / os.urandom总是有足够的熵为好的加密 [英] Will python SystemRandom / os.urandom always have enough entropy for good crypto
问题描述
我有一个密码生成器:
import random, string
def gen_pass():
foo = random.SystemRandom()
length = 64
chars = string.letters + string.digits
return ''.join(foo.choice(chars) for _ in xrange(length))
根据文档,SystemRandom使用os.urandom,它使用/ dev / urandom抛出随机cryto位。在Linux中,你可以从/ dev / urandom或/ dev / random获取随机位,它们都使用内核可以得到的任何熵。可用的熵的数量可以用tail / proc / sys / kernel / random / entropy_avail来检查,这将返回一个数字,如:129.更多的熵可用的数字越高。 / dev / urandom和/ dev / random之间的区别是/ dev / random只有在entropy_avail足够高(如至少60)时才会吐出位,而/ dev / urandom会总是吐出位。文档说/ dev / urandom是好的加密,你只需要使用/ dev / random的ssl证书等。
According to the docs, SystemRandom uses os.urandom which uses /dev/urandom to throw out random cryto bits. In Linux you can get random bits from /dev/urandom or /dev/random, they both use whatever entropy the kernel can get its hands on. The amount of entropy available can be checked with tail /proc/sys/kernel/random/entropy_avail, this will return a number like: 129. The higher the number more entropy is available. The difference between /dev/urandom and /dev/random is that /dev/random will only spit out bits if entropy_avail is high enough (like at least 60) and /dev/urandom will always spit out bits. The docs say that /dev/urandom is good for crypto and you only have to use /dev/random for ssl certs and the like.
我的问题是gen_pass是否有助于制作强密码级密码?如果我尽快调用这个函数,我会停止得到强的cryto位在某一点,因为熵池已经耗尽?
My question is will gen_pass be good for making strong crypto grade passwords always? If I call this function as quickly as possible will I stop getting strong cryto bits at some point because the entropy pool is depleted?
问题也可能是为什么/ dev / urandom 总是产生强烈的cryto位和不关心entropy_avail?
The question could also be why does /dev/urandom always produce strong cryto bits and not care about the entropy_avail?
urandom的设计,使其带宽上限的周期数你可以猜测将与熵的数量相关,但这是猜测,我找不到一个答案。
It is possible that /dev/urandom is designed so that its bandwidth is capped by the number of cycles you can guess will be correlated with an amount of entropy, but this is speculation and I can't find an answer.
这也是我的第一个stackoverflow问题所以请批评我。我担心,当知道答案的人可能知道背景时,我给了很多背景。
Also this is my first stackoverflow question so please critique me. I am concerned that I gave to much background when someone who knows the answer probably knows the background.
感谢
更新
我写了一些代码来查看熵池,而 / dev / urandom 正在读取:
I wrote some code to look at the entropy pool while the /dev/urandom was being read from:
import subprocess
import time
from pygooglechart import Chart
from pygooglechart import SimpleLineChart
from pygooglechart import Axis
def check_entropy():
arg = ['cat', '/proc/sys/kernel/random/entropy_avail']
ps = subprocess.Popen(arg,stdout=subprocess.PIPE)
return int(ps.communicate()[0])
def run(number_of_tests,resolution,entropy = []):
i = 0
while i < number_of_tests:
time.sleep(resolution)
entropy += [check_entropy()]
i += 1
graph(entropy,int(number_of_tests*resolution))
def graph(entropy,rng):
max_y = 200
chart = SimpleLineChart(600, 375, y_range=[0, max_y])
chart.add_data(entropy)
chart.set_colours(['0000FF'])
left_axis = range(0, max_y + 1, 32)
left_axis[0] = 'entropy'
chart.set_axis_labels(Axis.LEFT, left_axis)
chart.set_axis_labels(Axis.BOTTOM,['time in second']+get_x_axis(rng))
chart.download('line-stripes.png')
def get_x_axis(rng):
global modnum
if len(filter(lambda x:x%modnum == 0,range(rng + 1)[1:])) > 10:
modnum += 1
return get_x_axis(rng)
return filter(lambda x:x%modnum == 0,range(rng + 1)[1:])
modnum = 1
run(500,.1)
并且还运行:
while 1 > 0:
gen_pass()
然后我非常可靠地得到一个如下所示的图:
Then I pretty reliablly get a graph that looks like this:
制作运行 cat / dev / urandom 时的图形显示为smiler,而 cat / dev / random 非常快(这也只是每3秒左右读一个字节)
Making the graph while running cat /dev/urandom looks smiler and cat /dev/random drops off to nothing and stays low very quickly (this also only reads out like a byte every 3 seconds or so)
更新
如果我运行相同的测试,但使用gen_pass()的六个实例,我得到:
If I run the same test but with six instances of gen_pass(), I get this:
所以看起来像是有足够的熵。我应该测量密码生成率,并确保它实际上是上限,因为如果不是,那么鱼儿可能会发生。
So it looks like something is making it be the case that I have enough entropy. I should measure the password generation rate and make sure that it is actually being capped, because if it is not then something fishy may be going on.
更新
我发现这个电子邮件链
这说明urandom一旦池中只有128位就会停止拉熵。这与上述结果非常一致,意味着在这些测试中,我经常生成垃圾密码。
This says that urandom will stop pulling entropy once the pool only has 128 bits in it. This is very consistent with the above results and means that in those tests I am producing junk passwords often.
我之前的假设是,如果entropy_avail足够高(比如64位以上), / dev / urnadom 输出良好。这不是这样的情况看起来 / dev / urandom 被设计为为 / dev / random 留下额外的熵它需要它。
My assumption before was that if the entropy_avail was high enough (say above 64 bits) then /dev/urnadom output was good. This is not the case it seems that /dev/urandom was designed to leave extra entropy for /dev/random in case it needs it.
现在我需要了解一个SystemRandom调用需要多少个真随机位。
Now I need to find out how many true random bits a SystemRandom call needs.
推荐答案
/ dev / random 和 / dev / urandom 的输出之间存在细微差别。正如已经指出的, / dev / urandom 不会阻塞。这是因为它从一个伪随机数生成器获得输出,从 / dev / random 中的真实随机数播种。
There's a subtle difference between the output of /dev/random and /dev/urandom. As has been pointed out, /dev/urandom doesn't block. That's because it gets its output from a pseudo-random number generator, seeded from the 'real' random numbers in /dev/random.
/ dev / urandom 的输出几乎总是足够随机的 - 这是一个高质量的PRNG和随机种子。如果你真的需要一个更好的随机数据源,你可以考虑得到一个带有硬件随机数发生器的系统 - 我的上网本有一个VIA C7,它可以产生相当多的正确随机数据(我得到一致的99.9 kb / s out of / dev / random,545kb / s out of / dev / urandom)。
The output of /dev/urandom will almost always be sufficiently random -- it's a high-quality PRNG with a random seed. If you really need a better source of random data, you could consider getting a system with a hardware random number generator -- my netbook has a VIA C7 in it, which can generate quite a lot of properly random data (I get a consistent 99.9kb/s out of /dev/random, 545kb/s out of /dev/urandom).
另外,如果你生成密码,查看 pwgen - 它为您提供了不错的可发声的密码: )。
As an aside, if you're generating passwords then you might want to look at pwgen -- it makes nice pronounceable passwords for you :).
这篇关于将python SystemRandom / os.urandom总是有足够的熵为好的加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
