#5, 10th February 2014
IdOp

jggimi, I think you're asking "How much worse is /dev/urandom than /dev/random?" and "How suitable is the output of /dev/urandom for various password usages?" Those are great questions and I am not expert enough to answer them in any depth at all. I would suspect the quality of urandom might vary somewhat depending on the OS, of course, and the appropriateness of its usage would vary greatly with the intended application. For example, if you wanted, say, an 8- or 10-digit password to sign up for a short-term use forum somewhere, I'll go out on a limb and say /dev/urandom is probably good enough, and better than typing "asdklj3f" or something like that.

For that reason my script supports both devices; it's really up to the user to decide which is best for their needs. It doesn't recommend one or the other for everything. The reason urandom is the default is simply that it doesn't block.

When I used it to generate a WPA PSK "for real", I did use /dev/random, and had to type a lot of keystrokes into a console before it finished -- it seemed worth the trouble in that case.

ADDED: I've also used the same technique to generate random wireless MAC addresses:

Code:
00`hexdump -n5 -e'5/1 ":%02x"' /dev/urandom`
In this case cryptographic strength isn't a real issue and non-blocking of /dev/urandom is very helpful as the command is run in a shell script. (Just another application, nothing to do with randpass.sh.)

Last edited by IdOp; 10th February 2014 at 08:25 PM.
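
An added example, not part of IdOp's post: the one-liner above fixes the first octet at 00, which leaves the address looking universally administered and can place it inside a vendor-assigned OUI. This sketch draws all six octets from the random device, then sets the locally administered bit (0x02) and clears the multicast bit (0x01) of the first octet. The function name `random_mac` and its optional device argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: random, locally administered, unicast MAC address.
# Usage: random_mac [source]   (source defaults to /dev/urandom; as in the
# post, /dev/random can be passed instead and may block)

random_mac() {
    src="${1:-/dev/urandom}"

    # Read exactly six bytes as space-separated hex pairs; the unquoted
    # substitution is deliberate so each octet becomes $1..$6.
    # shellcheck disable=SC2046
    set -- $(od -An -N6 -tx1 "$src")

    # A short read (truncated file, failing device) must not yield a MAC.
    [ "$#" -eq 6 ] || return 1

    # First octet: set bit 1 (locally administered), clear bit 0 (multicast),
    # so the result never collides with a vendor OUI and stays unicast.
    first=$(( (0x$1 | 2) & 254 ))

    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Print one address when the script is run directly.
random_mac
```

The second hex digit of the result is always 2, 6, a or e, which is a quick way to confirm that an address in a log or an ARP table was locally assigned rather than burned in by a vendor.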