Answer by Tom Hale for Is a rand from /dev/urandom secure for a login key?
Be aware of edge-cases if you're using Linux or NetBSD.On Linux, you'd want make sure that enough entropy has been gained after boot to properly seed the CSPRNG, or use the getrandom() system call to...
View ArticleAnswer by Buktop for Is a rand from /dev/urandom secure for a login key?
From http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt"Generating true entropy in a computer is fairly difficult because nothing,outside of quantum physics, is random. The Linux kernel...
View ArticleAnswer by D.W. for Is a rand from /dev/urandom secure for a login key?
Yes, it's a great way.@Thomas's explanation nails it. And he is completely right to criticize the /dev/urandom man page. Spot on.But skip "checking if it already exists". That check is pointless. It...
View ArticleAnswer by Thomas Pornin for Is a rand from /dev/urandom secure for a login key?
The short answer is yes. The long answer is also yes. /dev/urandom yields data which is indistinguishable from true randomness, given existing technology. Getting "better" randomness than what...
View ArticleIs a rand from /dev/urandom secure for a login key?
Lets say I want to create a cookie for a user. Would simply generating a 1024 bit string by using /dev/urandom, and checking if it already exists (looping until I get a unique one) suffice?Should I be...
View Article
