A good idea with bad usage: /dev/urandom

30 points by mr_tyzic, about 11 years ago

5 comments

stouset, about 11 years ago

Can we please stop cargo-culting the "fact" that /dev/random outputs raw entropy while /dev/urandom is the output of a CSPRNG? They are *both* outputs from the *same* CSPRNG algorithm[1].

Edit: I'm eagerly awaiting the tptacek takedown of this article. Comments like "even a regular user can run: cat /dev/random > /dev/null & cat /dev/zero > /dev/random... entropy will be degraded" do not give me confidence in this guy's understanding of the systems involved. Same with his blatant misreading of RNDZAPENTCOUNT and RNDCLEARPOOL, which simple research[2] reveals only clears the entropy *count* and does nothing to the underlying entropy pool itself.

[1]: http://www.2uo.de/myths-about-urandom/

[2]: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n1468

davrosthedalek, about 11 years ago

I might be mistaken, but doesn't changing /dev nodes require super user rights? If an attacker has those, he could simply overwrite your libressl binary. Or patch the kernel. Or....

truantbuick, about 11 years ago

Lots of errors in this article. It particularly rankles my sensibilities when he says randomness doesn't actually exist and it's just when humans can't track all the variables.

Randomness is much more interesting than that, and while it would make a lot more sense for the sake of classical mechanics, it cannot possibly be explained away so neatly according to Bell's Inequality.

PhantomGremlin, about 11 years ago

The second paragraph of the article is fundamentally wrong:

    Now randomness doesn't really exist. When we humans see something as random, it's only because we don't know or understand all the details. Therefore, any perceived randomness on your part is your inability to track all the variables.

(The currently accepted explanation of) quantum mechanics says otherwise. The essence of quantum mechanics is not certainty but *probability*. But this annoyed even Einstein, who famously said "God does not throw dice". Einstein was (probably) wrong about this.

Stephen Hawking says:

    God does play dice with the universe. All the evidence points to him being an inveterate gambler, who throws the dice on every possible occasion. [1]

[1] http://www.hawking.org.uk/does-god-play-dice.html

yaur, about 11 years ago

The first issue he brings up seems legit. Whether it is exploitable or not depends heavily on if an unprivileged account can trigger a read to /dev/urandom to abort early by triggering an interrupt. I don't know Linux internals well enough to know if this is the case, but since this is documented behavior it seems reasonable to concede that there could be some platform where it's true.

Everything else seems specious. If you are in an environment controlled by an attacker there is no case where you can reliably generate random numbers. Sure, as an attacker that already has root access I could replace /dev/urandom with a link to /dev/zero, but why would I do that when I could just install a kernel module that silently sent me whatever real random seed I decided to give you or patch your process to send the keys that are the end product of that randomness to myself?
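
Added example, not part of the thread above and not code from the article or from any project it discusses: the early-returning read that the last comment treats as the one legitimate concern is handled on the caller's side by looping until the buffer is full and failing closed otherwise. The function names `read_exact` and `urandom_bytes` are hypothetical, and the character-device check only rejects regular files and FIFOs at the path; it cannot tell one character device from another.

```c
#define _POSIX_C_SOURCE 200809L

#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read exactly len bytes from fd. Returns 0 on success, -1 on failure.
 * A short read is continued, EINTR is retried, EOF counts as failure. */
int read_exact(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted before any data: retry */
            return -1;
        }
        if (n == 0)
            return -1;             /* EOF: a random device never ends */
        p += n;                    /* short read: keep what we got */
        len -= (size_t)n;
    }
    return 0;
}

/* Fill buf with len bytes from /dev/urandom. Returns 0 or -1. */
int urandom_bytes(void *buf, size_t len)
{
    struct stat st;
    int rc = -1;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Refuse regular files and FIFOs placed at the path. */
    if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode))
        rc = read_exact(fd, buf, len);
    close(fd);
    return rc;
}

int main(void)
{
    unsigned char key[32];
    /* Fail closed: never continue with a partially filled buffer. */
    return urandom_bytes(key, sizeof key) == 0 ? 0 : 1;
}
```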