I've been thinking. Please bear with me as I try to establish my current understanding.
- I understand that OpenSSL will use /dev/urandom if available, and only use /dev/random if /dev/urandom is not available, in order to seed its own PRNG.
- I understand that /dev/urandom produces low quality streams as it will always output values, even when the entropy pool is exhausted.
However, I am at a loss to understand why anyone would use urandom for password generation, if they are concerned about the quality of random number generation.
The urandom pseudo device is not available on every OS, but on those where it is still available I'd thought it was intended for use in transient functions, such as padding bytes or short lifespan keys (such as one might find in PKI for telecommunications).
I ask because both of you have apparently made the recommendation.
If I assume the quality of OpenSSL PRNG that seeds from /dev/urandom is of equivalent quality to the /dev/urandom stream itself, then

    $ openssl rand -hex ...

produces the same quality of random hex stream as

    $ dd if=/dev/[u]random ... | hexdump ...
I don't know if the PRNG seeded by urandom is of equivalent quality. But I cannot see it being better than urandom itself, and based only on what I know of urandom, I wouldn't recommend it as a base for static keys such as passwords.
Have I misunderstood?
It's an academic question if the OS doesn't have urandom, of course.
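The two routes compared in the post, as an added shell example that is not part of the original post: it assumes a POSIX shell with od(1) and a /dev/urandom device (od stands in for hexdump because it is POSIX), skips the openssl route when the binary is absent, and adds a length and charset check so a truncated or non-hex result is caught rather than silently used.

```shell
#!/bin/sh
# Added example, not from the original post. Produce N random bytes as hex by
# the two routes the question compares, then sanity-check the output.
# Assumes: POSIX sh, od(1), head -c, and a readable /dev/urandom.

# N bytes read directly from the kernel device, hex-encoded with od.
urandom_hex() {
    n="$1"
    head -c "$n" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# N bytes from OpenSSL's own generator, which it seeds from the OS.
openssl_hex() {
    n="$1"
    openssl rand -hex "$n"
}

# Return 0 if $1 is exactly 2*$2 lowercase hex digits, else 1.
check_hex() {
    s="$1"; n="$2"
    [ "${#s}" -eq $((2 * n)) ] || return 1
    case "$s" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Password-style string of $1 characters drawn from /dev/urandom. tr -dc
# discards bytes outside the alphabet instead of mapping them onto it,
# so the selection carries no modulo bias.
urandom_password() {
    len="$1"
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

main() {
    a=$(urandom_hex 16)
    check_hex "$a" 16 && echo "urandom: $a"
    if command -v openssl >/dev/null 2>&1; then
        b=$(openssl_hex 16)
        check_hex "$b" 16 && echo "openssl: $b"
    fi
    echo "password: $(urandom_password 20)"
}
```

Both routes yield 2N hex characters; the check function rejects anything else, including the uppercase output some hexdump formats emit.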