Quote:
Originally Posted by GazL
@abga,
The linux devs claim that urandom is a "cryptographically secure rng", and until someone proves that it's not, that's good enough for me.
Quite the contrary, they warn you in kernel 5.6 with the flag GRND_INSECURE, should you not choose to ignore it, because the system can enter a state where the entropy gets limited/depleted and the output of the newly implemented RNG mechanism resembles, to some extent, the fallacy described in chapter:
6.1.1. The Fallacy of Complex Manipulation
https://tools.ietf.org/html/rfc4086
What I learned during this discussion is that the kernel folks want to get rid of the responsibility of providing a crypto secure RNG on OS level. I do understand them; it's not a trivial task, and they are under constant pressure from the userspace crypto devs. I wasn't prepared for the depth of the rabbit hole and got really worried now that in this kernel RNG devs & userspace crypto devs "war" it's the end users (losers) that will have to suffer.
It's very dangerous to jump to simplifying conclusions when not understanding the underlying basics about cryptography, especially in a manner that could negatively influence other people and, especially, on a key component (crypto) that, unfortunately, is the only one on which the whole trust system is based.
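As an added example from the defender's side (not code from this thread or from the kernel project), here is a small C helper that fetches key material through the raw getrandom(2) syscall with the default flags, which block only until the pool has been seeded once, and that refuses the GRND_INSECURE flag the post refers to. The names fill_random, generate_key, demo_default_key and demo_reject_insecure are my own; the flag value is the one from linux/random.h, and the code assumes a Linux system with a kernel of 3.17 or later.

```c
#include <errno.h>
#include <sys/syscall.h>
#include <unistd.h>

/* GRND_INSECURE from linux/random.h, defined locally so the example also
 * builds with headers older than kernel 5.6, where the flag first appeared. */
#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004
#endif

/* Fill buf with len bytes from the kernel CSPRNG via the raw getrandom syscall.
 * With flags = 0 the call blocks only until the pool has been seeded once.
 * Short reads and EINTR are retried. Returns 0 on success, -1 on error. */
static int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, flags);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            return -1;                      /* e.g. ENOSYS on a pre-3.17 kernel */
        }
        got += (size_t)n;
    }
    return 0;
}

/* Key material must never be requested with GRND_INSECURE: that flag tells the
 * kernel it may return output before the pool is seeded. Reject it up front. */
int generate_key(unsigned char *key, size_t len, unsigned int flags)
{
    if (flags & GRND_INSECURE) { errno = EINVAL; return -1; }
    return fill_random(key, len, flags);
}

/* 1 if a 32-byte key is obtained with the default flags and is not all zero. */
int demo_default_key(void)
{
    unsigned char key[32] = {0}; int nonzero = 0;
    if (generate_key(key, sizeof key, 0) != 0) return 0;
    for (size_t i = 0; i < sizeof key; i++) nonzero |= key[i];
    return nonzero != 0;
}

/* 1 if a GRND_INSECURE request for key material is refused with EINVAL. */
int demo_reject_insecure(void)
{
    unsigned char key[32];
    return generate_key(key, sizeof key, GRND_INSECURE) == -1 && errno == EINVAL;
}
```

On a kernel older than 5.6 the kernel itself returns EINVAL for GRND_INSECURE, so the explicit check in generate_key mainly matters on 5.6 and later, where the flag is accepted.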