Issue #9569 has been updated by Corey Csuhta.


The `random(4)` manpage on Linux isn't accurate in this reguard. You **can** use it as more than just a seed source, and you can use it as frequently as you want.

On modern Linux, both `/dev/random` and `/dev/urandom` are [CSPRNG](http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator)s, and can be used safely (after system boot, see references). The only difference is that `/dev/random` attempts to keep some kind of measure of its available entropy, and will sometimes block if if feels unsatisfied about that. On FreeBSD, Unix, and OS X, there is no difference between `/dev/random` and `/dev/urandom` anymore, and the manpages on OS X at least don't include this "rate-limit" hokum about `/dev/urandom`.

Two additional points:

OpenSSL seeds itself from `/dev/urandom` as you stated, but you could run a lot of OpenSSL processes on your system at one time and none of them would complain that your `/dev/urandom` is not currently to be trusted because you used it too much.

`SecureRandom` in Ruby will use `/dev/urandom` if OpenSSL is not available, based on the code snippet I linked in the original post. This is contrary to your statement that `/dev/urandom` is not safe for cookies or frequent access. As currently implemented, `SecureRandom` **will** access `/dev/urandom` frequently if OpenSSL is not available.

References:
http://blog.cr.yp.to/20140205-entropy.html
http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man4/random.4.html
http://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key


----------------------------------------
Feature #9569: SecureRandom should try /dev/urandom first
https://bugs.ruby-lang.org/issues/9569#change-45494

* Author: Corey Csuhta
* Status: Rejected
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: current: 2.2.0
----------------------------------------
Right now, `SecureRandom.random_bytes` tries to detect an OpenSSL to use before it tries to detect `/dev/urandom`. I think it should be the other way around. In both cases, you just need random bytes to unpack, so SecureRandom could skip the middleman (and [second point of failure](http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/)) and just talk to `/dev/urandom` directly if it's available.

Is this a case of just re-ordering the two code chunks so that `/dev/urandom` is tried first?

Relevant lines: https://github.com/ruby/ruby/blob/trunk/lib/securerandom.rb#L59-L90



-- 
http://bugs.ruby-lang.org/