From 25a6eaa44c94f0e6cb332efa9d4951d1fd27b1ec Mon Sep 17 00:00:00 2001 From: thesourcerer8 Date: Tue, 27 Oct 2015 21:35:46 +0100 Subject: [PATCH] Adding notice for depletion of /dev/*random --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ddad600..1afbf4e 100644 --- a/README.md +++ b/README.md @@ -167,6 +167,7 @@ A good example of the type of analysis to strive for can be shown in Jacob Appel * Cryptographic Key Generation should be done carefully * Key Generation should generally not be done on device startup, as the device may be in a low or no-entropy state * Should use a blocking source of randomness + * Should not deplete the randomness source by using blocked IO (e.g. fopen(/dev/random)+fread(), see http://stackoverflow.com/questions/8699397 ) * Special care should be taken if it is an embedded device or the quality of randomness is suspect * One party should not be able to control a key entirely in a shared-generation scenario * Keys should not be mathematically related, but instead derived through pseurandom mixing functions (hash functions) @@ -473,4 +474,4 @@ This document was primarily authored by Tom Ritter. It would be impossible to li # Licensing -This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License: http://creativecommons.org/licenses/by-sa/3.0/ \ No newline at end of file +This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License: http://creativecommons.org/licenses/by-sa/3.0/