{"id":701,"date":"2018-03-20T16:41:49","date_gmt":"2018-03-20T08:41:49","guid":{"rendered":"https:\/\/blog.jsjs.org\/?p=701"},"modified":"2018-03-20T16:41:49","modified_gmt":"2018-03-20T08:41:49","slug":"dev-urandom","status":"publish","type":"post","link":"https:\/\/blog.jsjs.org\/?p=701","title":{"rendered":"\/dev\/urandom"},"content":{"rendered":"<div class=\"answercell post-layout--right\">\n<div class=\"post-text\">\n<h3>TL;DR<\/h3>\n<p>Use <code>\/dev\/urandom<\/code> for most practical purposes.<\/p>\n<p>The longer answer depends on the flavour of Unix that you&#8217;re running.<\/p>\n<h3>Linux<\/h3>\n<p><a href=\"https:\/\/unix.stackexchange.com\/q\/323610\/143394\">Historically, <code>\/dev\/random<\/code> and <code>\/dev\/urandom<\/code> were both introduced at the same time.<\/a><\/p>\n<p>As @DavidSchwartz pointed out <a href=\"https:\/\/unix.stackexchange.com\/q\/323610\/143394\">in a comment<\/a>, using <code>\/dev\/urandom<\/code> is preferred in the vast majority of cases. 
He and others also provided a link to the excellent <a href=\"http:\/\/www.2uo.de\/myths-about-urandom\/\" rel=\"noreferrer\">Myths about <code>\/dev\/urandom<\/code><\/a> article which I recommend for further reading.<\/p>\n<p>In summary:<\/p>\n<ul>\n<li>The <a href=\"http:\/\/man7.org\/linux\/man-pages\/man4\/random.4.html\" rel=\"noreferrer\">manpage<\/a> is misleading<\/li>\n<li>Both are fed by the <em>same<\/em> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cryptographically_secure_pseudorandom_number_generator\" rel=\"noreferrer\">CSPRNG<\/a> to generate randomness (<a href=\"http:\/\/www.2uo.de\/myths-about-urandom\/\" rel=\"noreferrer\">diagrams 2 and 3<\/a>)<\/li>\n<li><code>\/dev\/random<\/code> blocks when it runs out of entropy<\/li>\n<li>The amount of entropy is conservatively estimated, but not counted<\/li>\n<li><code>\/dev\/urandom<\/code> will never block; reading from <code>\/dev\/random<\/code> can halt process execution.<\/li>\n<li>In rare cases very shortly after boot, the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cryptographically_secure_pseudorandom_number_generator\" rel=\"noreferrer\">CSPRNG<\/a> may not have had enough entropy to be properly seeded and <code>\/dev\/urandom<\/code> may not produce high-quality randomness.<\/li>\n<li>Entropy running low is not a problem if the CSPRNG was initially seeded properly<\/li>\n<li>The CSPRNG is being constantly re-seeded<\/li>\n<li>In Linux 4.8 and onward, <code>\/dev\/urandom<\/code> does not deplete the entropy pool (used by <code>\/dev\/random<\/code>) but uses the CSPRNG output from upstream.<\/li>\n<li>Use <code>\/dev\/urandom<\/code>.<\/li>\n<\/ul>\n<p><strong>Exceptions to the rule<\/strong><\/p>\n<p>In the Cryptography Stack Exchange&#8217;s <a href=\"https:\/\/crypto.stackexchange.com\/q\/41595\/40609\">When to use <code>\/dev\/random<\/code> over <code>\/dev\/urandom<\/code> in Linux<\/a> @otus <a href=\"https:\/\/crypto.stackexchange.com\/a\/41596\/40609\">gives two use 
cases<\/a>:<\/p>\n<ol>\n<li>Shortly after boot on a low entropy device, if enough entropy has not yet been generated to properly seed <code>\/dev\/urandom<\/code>.<\/li>\n<li><a href=\"https:\/\/crypto.stackexchange.com\/q\/35031\/40609\">Generating a one-time pad with information theoretic security<\/a><\/li>\n<\/ol>\n<p>If you&#8217;re worried about (1), you can <a href=\"https:\/\/serverfault.com\/q\/529750\/322507\">check the entropy available in <code>\/dev\/random<\/code><\/a>.<\/p>\n<p>If you&#8217;re doing (2) you&#8217;ll know it already \ud83d\ude42<\/p>\n<p>Note: You can <a href=\"https:\/\/unix.stackexchange.com\/q\/243127\/143394\">check if reading from \/dev\/random will block<\/a>, but beware of possible race conditions.<\/p>\n<p><strong>Alternative: use neither!<\/strong><\/p>\n<p>@otus also pointed out that the <a href=\"http:\/\/man7.org\/linux\/man-pages\/man2\/getrandom.2.html\" rel=\"noreferrer\"><code>getrandom()<\/code><\/a> system call will read from <code>\/dev\/urandom<\/code> and only block if the initial seed entropy is unavailable.<\/p>\n<p>There are <a href=\"https:\/\/lkml.org\/lkml\/2016\/10\/21\/982\" rel=\"noreferrer\">issues with changing <code>\/dev\/urandom<\/code> to use <code>getrandom()<\/code><\/a>, but it is conceivable that a new <code>\/dev\/xrandom<\/code> device is created based upon <code>getrandom()<\/code>.<\/p>\n<h3>macOS<\/h3>\n<p>It doesn&#8217;t matter, as <a href=\"https:\/\/en.wikipedia.org\/wiki\/\/dev\/random#macOS_and_iOS\" rel=\"noreferrer\">Wikipedia says<\/a>:<\/p>\n<blockquote><p>macOS uses 160-bit <a href=\"https:\/\/en.wikipedia.org\/wiki\/Yarrow_algorithm\" rel=\"noreferrer\">Yarrow<\/a> based on SHA1. There is no difference between \/dev\/random and \/dev\/urandom; both behave identically. 
Apple&#8217;s iOS also uses Yarrow.<\/p><\/blockquote>\n<h3>FreeBSD<\/h3>\n<p>It doesn&#8217;t matter, as <a href=\"https:\/\/en.wikipedia.org\/wiki\/\/dev\/random#FreeBSD\" rel=\"noreferrer\">Wikipedia says<\/a>:<\/p>\n<blockquote><p><code>\/dev\/urandom<\/code> is just a link to <code>\/dev\/random<\/code> and only blocks until properly seeded.<\/p><\/blockquote>\n<p>This means that after boot, FreeBSD is smart enough to wait until enough seed entropy has been gathered before delivering a never-ending stream of random goodness.<\/p>\n<h3>NetBSD<\/h3>\n<p>Use <code>\/dev\/urandom<\/code>, assuming your system has read at least once from <code>\/dev\/random<\/code> to ensure proper initial seeding.<\/p>\n<p>The <a href=\"https:\/\/www.netbsd.org\/~riastradh\/tmp\/20141116\/rnd.html\" rel=\"noreferrer\">rnd(4) manpage says<\/a>:<\/p>\n<blockquote><p><code>\/dev\/urandom<\/code> Never blocks.<\/p>\n<p><code>\/dev\/random<\/code> Sometimes blocks. Will block early at boot if the system&#8217;s state is known to be predictable.<\/p>\n<p>Applications should read from \/dev\/urandom when they need randomly generated data, e.g. cryptographic keys or seeds for simulations.<\/p>\n<p>Systems should be engineered to judiciously read at least once from \/dev\/random at boot before running any services that talk to the internet or otherwise require cryptography, in order to avoid generating keys predictably.<\/p><\/blockquote>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>TL;DR Use \/dev\/urandom for most practical purposes. 
The longer answer depends on the flavour of Unix [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-701","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=701"}],"version-history":[{"count":0,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/701\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}