[whatwg] Cryptographically strong random numbers

On Mon, Feb 14, 2011 at 5:46 PM, Shabsi Walfish <shabsi at google.com> wrote:

> This depends on what you consider to be the basic use case. Generating
> long-lived cryptographic keys absolutely requires high quality entropy... if
> you are only generating short-lived authenticators (that are not used for
> encryption) then you could get away with weaker entropy. You will get the
> most mileage out of this feature if it can be used to generate encryption
> keys, or long-lived signing keys.


OpenSSL gets randomness for generating keys by reading /dev/urandom.  It
doesn't seem to do any other tricks, like reading
/proc/sys/kernel/random/entropy_avail.  That at least suggests it's
sufficient for securely generating keys, without more complex APIs like
exposing the amount of entropy that was available.

-- 
Glenn Maynard

Received on Monday, 14 February 2011 15:36:31 UTC