Skip to content
Tech News
← Back to articles

Myths about /dev/urandom

2026-05-14 | original
read original get Entropy Source USB Stick → more articles
Why This Matters

This article clarifies common misconceptions about /dev/urandom and /dev/random, emphasizing that both use cryptographically secure pseudorandom number generators and are suitable for cryptographic purposes. It highlights that the perceived differences are minimal and that /dev/urandom is generally preferred due to its non-blocking nature, making it more practical for most applications. Understanding these nuances is crucial for developers and security professionals to make informed decisions about cryptographic randomness sources.

Key Takeaways

Myths about /dev/urandom

Note from 2024: This article was published on March 16th, 2014 . It is still correct in its discussion of entropy and randomness, but the Linux kernel random number generator has been reworked several times since then and does not look like this anymore. Good news: the separation between /dev/urandom and /dev/random is practically gone.

There are a few things about /dev/urandom and /dev/random that are repeated again and again. Still they are false.

I’m mostly talking about reasonably recent Linux systems, not other UNIX-like systems.

/dev/urandom is insecure. Always use /dev/random for cryptographic purposes.

Fact: /dev/urandom is the preferred source of cryptographic randomness on UNIX-like systems.

/dev/urandom is a pseudo random number generator, a PRNG, while /dev/random is a “true” random number generator.

Fact: Both /dev/urandom and /dev/random are using the exact same CSPRNG (a cryptographically secure pseudorandom number generator). They only differ in very few ways that have nothing to do with “true” randomness.

/dev/random is unambiguously the better choice for cryptography. Even if /dev/urandom were comparably secure, there’s no reason to choose the latter.

Fact: /dev/random has a very nasty problem: it blocks.

... continue reading

Explore topics: dev/urandom linux kernel cryptographic randomness pseudo random generator entropy
Related:
The third major Linux kernel flaw in two weeks has been found - thanks to AI
Myths about /dev/urandom (2014)
AMD's legendary K5, its first independently-designed processor, is being removed from the Linux kernel — 4.3-million-transistor chip gets the axe because it lacks Time Stamp Counter (TSC) support, making it a coding burden
Killswitch: Per-function short-circuit mitigation primitive
Dirty Frag: Universal Linux LPE

© 2026 GoKawiil

About | Editorial Policy | Contact