12. Security

- libreSSL
- uuid

12.1. Random

- /etc/ca-certificates
- /dev/random
- /dev/urandom
- /dev/null
- /etc/sudoers.d
12.2. /dev/random vs /dev/urandom

- Using /dev/urandom is preferred in the vast majority of cases.
- Both are fed by the same CSPRNG to generate randomness.
- /dev/urandom never blocks.
- /dev/random blocks when it runs out of entropy, so reading from it can halt process execution.
- The amount of available entropy is a conservative estimate, not an exact count.

In rare cases very shortly after boot, the CSPRNG may not have had enough entropy to be properly seeded, and /dev/urandom may then not produce high-quality randomness. Entropy running low is not a problem once the CSPRNG has been seeded properly, because the CSPRNG is constantly re-seeded. In Linux 4.8 and onward, /dev/urandom does not deplete the entropy pool (used by /dev/random) but draws its output from the CSPRNG upstream of it. [1]
12.3. Commands

- `head -c 100 /dev/urandom` - read 100 bytes from /dev/urandom
- `dd count=100 bs=1 if=/dev/urandom 2>/dev/null` - the same 100-byte read using dd, with dd's "records in/out" summary on stderr discarded
- `dd count=100 bs=1 if=/dev/urandom 2>&-` - as above, but closing stderr instead of redirecting it
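The following shell script is an added example, not part of the original page: it wraps the `head -c` and `dd` reads above into functions that turn raw /dev/urandom bytes into a hex token, verify that a read returned exactly the requested number of bytes (urandom never blocks, so it never short-reads), and sanity-check that two reads are not identical. It assumes a Linux-like system with /dev/urandom and the coreutils `head`, `dd`, `od`, `tr` and `wc`; the `/proc/sys/kernel/random/entropy_avail` lookup is Linux-specific and degrades to "unknown" elsewhere.

```shell
#!/bin/sh
# Added example (not from the original page): reading randomness from
# /dev/urandom in shell and turning it into a usable token.
# Assumes a Linux-like system with /dev/urandom and coreutils.

# Read exactly N bytes from /dev/urandom and return them as lowercase hex.
# head -c N stops after N bytes; od -An -tx1 prints each byte as two hex
# digits; tr strips od's spacing and line breaks.
random_hex() {
    n="$1"
    head -c "$n" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# The same read via dd (the page's second form): bs=1 count=N reads N
# one-byte blocks, so the result is exactly N bytes. 2>/dev/null discards
# dd's "records in/out" summary, which would otherwise go to stderr.
random_hex_dd() {
    n="$1"
    dd if=/dev/urandom bs=1 count="$n" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Return how many bytes a read of N bytes actually produced. Because
# /dev/urandom never blocks, this is always N.
random_byte_count() {
    n="$1"
    head -c "$n" /dev/urandom | wc -c | tr -d ' '
}

# Two independent 32-byte reads must differ; equality would indicate a
# broken device node or a misconfigured container. Returns 0 when they differ.
tokens_differ() {
    a=$(random_hex 32)
    b=$(random_hex 32)
    [ "$a" != "$b" ]
}

# Report the kernel's current entropy estimate (Linux only). Prints
# "unknown" where the file is absent, e.g. in a restricted sandbox.
entropy_avail() {
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        cat /proc/sys/kernel/random/entropy_avail
    else
        echo unknown
    fi
}

# Usage (constructed): print a 16-byte token and the entropy estimate.
printf 'token:   %s\n' "$(random_hex 16)"
printf 'entropy: %s\n' "$(entropy_avail)"
```

The token functions deliberately read only from /dev/urandom; a script that reads /dev/random instead can stall on a freshly booted or low-entropy machine, which is exactly the blocking behaviour described above.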
| Command | Type | Description |
|---|---|---|
| | | hash database access method |
| | | OpenPGP encryption and signing tool |
| | | compute and check MD5 message digest |
| | (1ssl) | OpenSSL command line program |
| | | compute and check SHA1 message digest |
| | | compute and check SHA256 message digest |
| | | compute and check SHA512 message digest |
| | | Print or Check SHA Checksums |
| | | base64 encode/decode data and print to standard output |
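The table's digest tools exist to "compute and check" checksums, and the checking half is the part that matters for integrity. The script below is an added example, not part of the original page: it writes a constructed sample file, records its SHA-256 digest in the conventional `<hex>  <name>` checksum-file layout, verifies it with `sha256sum -c`, then alters the file and confirms that verification now fails. It also shows a base64 round trip to underline that base64 only changes representation and provides no secrecy. It assumes GNU coreutils (`sha256sum`, `base64`, `mktemp`) on Linux; the file name `payload.bin` and the checksum file name `SHA256SUMS` are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the original page): checksum verification with
# sha256sum -c and a base64 round trip. Assumes GNU coreutils on Linux.

# Create a scratch directory holding a constructed sample file; print its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'constructed sample payload v1\n' > "$d/payload.bin"
    echo "$d"
}

# Hex digest of one file (first field of sha256sum's "<hex>  <name>" line).
digest_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Record the digest in the checksum-file format that sha256sum -c reads.
# Running inside the directory keeps the recorded name relative.
write_checksums() {
    d="$1"
    ( cd "$d" && sha256sum payload.bin > SHA256SUMS )
}

# sha256sum -c exits 0 only when every listed file matches its digest.
verify_checksums() {
    d="$1"
    ( cd "$d" && sha256sum -c SHA256SUMS >/dev/null 2>&1 )
}

# Simulate tampering: change the payload after the checksum was recorded.
tamper() {
    d="$1"
    printf 'constructed sample payload v2\n' > "$d/payload.bin"
}

# Full workflow. Prints "ok" when the untouched file verifies and the
# tampered file is rejected; any other outcome prints a reason and fails.
integrity_demo() {
    d=$(make_sample_dir)
    write_checksums "$d"
    if ! verify_checksums "$d"; then
        rm -rf "$d"; echo "baseline-failed"; return 1
    fi
    tamper "$d"
    if verify_checksums "$d"; then
        rm -rf "$d"; echo "tamper-undetected"; return 1
    fi
    rm -rf "$d"
    echo "ok"
}

# base64 is an encoding, not encryption: decoding needs no key.
base64_roundtrip() {
    printf '%s' "$1" | base64 | base64 -d
}

# Usage (constructed):
printf 'integrity check: %s\n' "$(integrity_demo)"
printf 'base64 round trip: %s\n' "$(base64_roundtrip 'hello world')"
```

A checksum file only proves integrity against accidental or unsigned modification; if an attacker can replace both the file and SHA256SUMS, the check still passes, which is why published checksum files are normally signed with the OpenPGP tool listed in the table.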
12.4. References

[1] Hale, T. When to use /dev/random vs /dev/urandom. 2016. Retrieved 2022-06-28. URL: https://unix.stackexchange.com/a/324210