Does 'urandom' share the same entropy as 'random'?
Solution 1:
At the end of the day, what urandom gives you may well be implementation-specific, but the man page says that it will use the available entropy if it's there, and only fall back to the PRNG when it runs out of entropy. So if you have enough entropy, you should get as good a result as if you'd used random instead.
But, and this is a big but: You have to assume you're getting a purely pseudo-generated value with no genuine entropy at all, because the entropy pool may be empty. Therefore, you have to treat urandom as a PRNG, even though it may do better than that in any given situation. Whether it does is not deterministic (within the confines of your code) and you have to expect that the worst case will apply. After all, if you were sure there's enough entropy in the pool, you'd use random, right? So the act of using urandom means you're okay with a PRNG, and that means a potentially, theoretically crackable result.
Solution 2:
The problem here is not that /dev/urandom is a PRNG. The problem is /dev/urandom will not block until enough entropy has been gathered to seed it.
Thus, you don't want to use either /dev/random or /dev/urandom on Linux. You need something which provides a replacement for these, be it a kernel module or a daemon.
Another option is to switch to FreeBSD where both /dev/random and /dev/urandom do what you want, i.e. they provide cryptographically strong pseudo-random numbers and block until they are seeded.
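As an added example (not part of either answer), this checks for the seeding gap Solution 2 describes: on Linux the getrandom(2) syscall reads the same CRNG as /dev/urandom but can report whether the kernel has seeded it and can block until it has. The function names are my own, and the non-Linux fallback to secrets.token_bytes is an assumption about what the platform offers.

```python
import os
import secrets


def crng_seeded():
    """Ask the kernel whether its CRNG is seeded.

    Returns True when seeded, False while the pool is still initialising,
    and None on platforms without getrandom(2) (non-Linux or old glibc),
    where no such query exists. GRND_NONBLOCK keeps the probe itself from
    blocking: an unseeded pool surfaces as EAGAIN (BlockingIOError).
    """
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return None
    try:
        getrandom(1, os.GRND_NONBLOCK)
    except BlockingIOError:
        return False
    return True


def secure_bytes(n):
    """Return n random bytes for key material, blocking until seeded.

    getrandom(2) with flags=0 draws from the same CRNG as /dev/urandom but,
    unlike opening /dev/urandom, blocks until the kernel has seeded it,
    which closes the early-boot gap Solution 2 warns about. Where
    getrandom is unavailable the fallback is secrets.token_bytes (an
    assumption: it defers to the OS CSPRNG without a seeding guarantee).
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return secrets.token_bytes(n)
    out = bytearray()
    while len(out) < n:
        # Large requests may return short if interrupted by a signal,
        # so keep reading until the buffer is full.
        out += getrandom(n - len(out))
    return bytes(out)
```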