Collaborate Disseminate
I’m developing jwt auth feature with Spring WebFlux. And, I found the blocking calls in jjwt library by using BlockHound.
The reason of blocking calls was SecureRandom use /dev/random to make random number in default on Linux system.
To pr… Continue reading Is it ok to use NativePRNGNonBlocking SecureRandom for making jwt? [duplicate]
Let’s say you cat /dev/random or /dev/urandom all day from boot to system shutdown, either redirecting the output to a file, or just catting it (in a terminal, or whatever) doesn’t matter. Is this insecure, or a bad idea? If so, why?
Revea… Continue reading Is it bad to reveal random bytes from a system?
I’m looking at way to generate random numbers for cryptographic purposes. More specifically, I looked at the Linux /dev/urandom function, which is considered a real random number generator. There are others number generators such as the gl… Continue reading What is "environmental noise"?
Let’s state that I have a huge bunch of truly unpredictable random data in file "random.bin". The random data has been created outside of my system and has been securely transfered into my system.
Questions:
How could I feed thi… Continue reading Feeding entropy pool with my own data
I’m in the process of setting up a local (i.e. offline and very limited) business, and I’m thinking of generating invoice IDs randomly to avoid the clients knowing that they’re customer number #00000001 (and because I prefer something like… Continue reading Randomly generating invoice IDs
I’m new to the /dev/random and /dev/urandom pipes in general and have an application calling from /dev/urandom which I’m attempting to inject entropy into. I’d prefer not to change the source for this application, but an additional proces… Continue reading Does rngd -r /path/to/file inject into /dev/urandom in addition to /dev/random?
I’m reading a lot about entropy on macOS…
I know it doesn’t use Yarrow anymore as per this FIPS 140-02 doc a NIST compliant DRBG.
I read a lot:
https://github.com/briansmith/ring/pull/398
How can I measure (and increase… Continue reading Is reading from /dev/urandom on macOS Catalina a safe way to produce cryptographically secure data?
This question already has an answer here:
Is a rand from /dev/urandom secure for a login key?
4 answers
Simply put, what … Continue reading What is the difference between /dev/random and /dev/urandom? [duplicate]
There’s a couple of programs that I’ve been using recently that ask you to type random keys as a source of randomness to seed an RNG for key generation.
Is this considered a good practice still, or is it better to rely on /dev/urandom and… Continue reading Is pressing random keys a secure way to seed a key generator?
i want to now if it is possible to have some device like that but only you feed it manually, but like /dev/u/random does, but it gives you NOT random data { your data } whenever you calls it. obviously i dont care about rand… Continue reading is it possible to have some thing like /dev/u/random