Re: unify entropy source for all php related functions

From: Date: Fri, 14 Feb 2014 13:10:48 +0000
Subject: Re: unify entropy source for all php related functions
Groups: php.internals
On Fri, Feb 14, 2014 at 1:02 PM, Andrey Andreev <[email protected]> wrote:

> On Fri, Feb 14, 2014 at 2:26 PM, Pierre Joye <[email protected]> wrote:
> >
> > On Feb 14, 2014 7:03 PM, "Andrey Andreev" <[email protected]> wrote:
> >> ALL sources
> >> say that /dev/urandom is both widely used and considered safe for
> >> cryptography. Only a select few mention that it could be a bit weaker
> >> in specific cases, in theory.
> >
> > No urandom (and similar) are not crypto safe. Totally not. They are however
> > good enough for most usages but crypto safe related tasks like key
> > generation and the likes. Any (good) paper mentions this.
> >
> > Cheers,
> > Pierre
>
> So how does openssl_random_pseudo_bytes() work without blocking then?
>
>     $ cat test.php
>     <?php
>     $crypto_strong = NULL;
>     $orandom = openssl_random_pseudo_bytes(32, $crypto_strong);
>     var_dump(bin2hex($orandom), $crypto_strong);
>     $mrandom = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
>     var_dump($mrandom);
>
>     $ php test.php
>     string(64) "bc10fe2a302039bc0b1ff85b1da53d1b2dc73be515bc1ab9a4a1f8895da7357b"
>     bool(true)
>     (blocks)
>
> If it doesn't block, it obviously doesn't use (only) /dev/random, yet
> it says that the output is crypto-safe. Or is that a bug?
>


OpenSSL uses their PRNG where /dev/urandom is used as a default source on
Unix for seeding. See

https://github.com/openssl/openssl/blob/master/e_os.h#L82

https://github.com/openssl/openssl/blob/master/crypto/rand/rand_unix.c#L246

and

https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c

for the PRNG implementation.

I think that they are considering the source strong enough for seeding but
you can still add entropy if you want to. I have covered the complete
OpenSSL API in my crypto ext. See the readme in
https://github.com/bukka/php-crypto for more details (scroll down to see
the API for Crypto\Rand class).

Regards

Jakub
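
An added example, not part of the original message or of php-crypto: a hypothetical helper, `secure_bytes()`, that accepts output from OpenSSL's PRNG only when the `$crypto_strong` flag is set and otherwise reads /dev/urandom directly, so it never blocks the way MCRYPT_DEV_RANDOM does in the quoted test. The helper name and the 32-byte usage are assumptions for illustration.

```php
<?php
// Added example (not from the thread). secure_bytes() is a hypothetical name.

/**
 * Return $length random bytes without blocking.
 * Prefers OpenSSL's PRNG (seeded from /dev/urandom on Unix, per the message
 * above) and rejects output that OpenSSL does not flag as strong.
 */
function secure_bytes(int $length): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be >= 1');
    }

    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        // Accept only a full-length result that OpenSSL reports as strong.
        if (is_string($bytes) && strlen($bytes) === $length && $strong === true) {
            return $bytes;
        }
    }

    // Fallback: read the kernel CSPRNG directly.
    $fp = @fopen('/dev/urandom', 'rb');
    if ($fp === false) {
        throw new RuntimeException('no usable entropy source');
    }
    // Disable PHP's read buffering so only the requested bytes are consumed.
    stream_set_read_buffer($fp, 0);
    $bytes = '';
    while (strlen($bytes) < $length) {
        // fread() may return fewer bytes than asked for; loop until complete.
        $chunk = fread($fp, $length - strlen($bytes));
        if ($chunk === false || $chunk === '') {
            fclose($fp);
            throw new RuntimeException('short read from /dev/urandom');
        }
        $bytes .= $chunk;
    }
    fclose($fp);
    return $bytes;
}

// Usage: a 32-byte value, the same size as in the quoted test.php.
$key = secure_bytes(32);
var_dump(strlen($key), bin2hex($key));
```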

