Is / proc / sys / kernel / random / uuid strong stuff?

Question

Is / proc / sys / kernel / random / uuid strong stuff?

I was looking for ways to create a strong 256-bit / 32-byte symmetric key for the HMAC_SHA256 algorithm. I came across the file / proc / sys / kernel / random / uuid.

According to man random (4) : "The read-only files uuid and boot_id contain random strings, such as 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. The first one is regenerated for each read, the last one is generated once."

A string of cat /proc/sys/kernel/random/uuidlooks perfect for this purpose. I can remove the "-" characters and end up with 32 bytes of randomness.

Is this a valid approach to creating a cryptographically strong source of key material?

+5

uuid random

pfarber May 03 '11 at 17:09

source share

3 answers

helloPiers · Answer 1 · 2013-01-07T11:40:27+0000

An old question, but if anyone tripped over it, I would not advise it.

/proc/sys/kernel/random/uuid- this is type 4 (random) UUID with certain semantics - it is not just a string of random hexadecimal characters. For example, you will see that the first digit in the third group is always 4.

For 256 random bits, just read 32 bytes from /dev/random(uses external entropy, can block) or /dev/urandom(never blocks).

Aviad P. · Answer 2 · 2011-05-03T17:22:28+0000

Will you rely on a well-defined deterministic pseudo-random key generation algorithm? This is a question mainly.

I would say take the UUID as the base for your key, but do one encryption pass on it using the secret key.

mycal · Answer 3 · 2016-11-19T00:59:05+0000

o172.net - , , .

/proc/sys/kernel/random/uuid urandom, .

, , 32 ascii:

echo $(tr -dc a-f0-9 < /dev/urandom | dd bs=32 count=1 2> /dev/null)

You can change char parameter with parameters tr, bytes

dd bs=
or not use tr

and get a random binary.

Is / proc / sys / kernel / random / uuid strong stuff?

More articles: