I thought I’d share my latest discovery. Linux has two “random number generators” as pseudo-hardware devices (that is, they’re in \/dev, but aren’t actual hardware, much like \/dev\/null.) They’re called \/dev\/random and \/dev\/urandom. I never knew, or even thought much about, the difference.<\/p>\n
\/dev\/random will “block” if it runs out of entropy<\/a>. \/dev\/urandom is less secure in that it will keep serving data, but it will be from a less-secure pseudo-random series.<\/p>\n The difference is quite useful. For example, when encrypting something, it’s important to have “good” random numbers, hence \/dev\/random is indicated. On the other hand, the caching resolver I’m running (localish-only) on this server uses \/dev\/urandom: randomness prevents cache poisoning<\/a>, but I really don’t want my DNS queries waiting for the “entropy pool” to get refilled.<\/p>\n As an aside, some tools<\/a> to measure the effective randomness of your nameserver’s ports. Comcast, pretty impressively, ranks “Great” on the tests, as do the various caching nameservers in use on our webserver.<\/p>","protected":false},"excerpt":{"rendered":" I thought I’d share my latest discovery. Linux has two “random number generators” as pseudo-hardware devices (that is, they’re in \/dev, but aren’t actual hardware, much like \/dev\/null.) They’re called \/dev\/random and \/dev\/urandom. I never knew, or even thought much … Continue reading