Cryptographically Secure PRNGs
Explore /dev/urandom, ChaCha20-CSPRNG, and Fortuna.
CSPRNG Requirements Recap
A CSPRNG must satisfy: (1) next-bit unpredictability — knowing all previous bits, the next bit cannot be predicted with probability > 1/2 + negligible. (2) state compromise extension resistance — learning the current state reveals nothing about past output.
/dev/urandom and getrandom()
Linux /dev/urandom uses a CSPRNG seeded from the entropy pool. After initial seeding (128 bits of entropy), it is safe to use even when the pool is "empty" — the CSPRNG maintains its own internal state. getrandom() is the modern syscall equivalent.
All lessons in this course
- True Randomness vs Pseudorandomness
- Cryptographically Secure PRNGs
- Entropy Starvation & Weak-Key Bugs
- Generating Keys, Nonces & IVs Safely