I'm working on generating very large random integers in C. I've found that /dev/random is a good source, but it blocks if the entropy pool is exhausted. /dev/urandom seemed like the next go-to, but the quality of randomness is not as good in comparison. Is there a way I can use an integer from /dev/random to seed a PRNG so that I don't have to keep reading from /dev/random? I am looking for a cryptographically secure PRNG, though not long term.
Using integers from /dev/random to seed a PRNG is exactly what /dev/urandom does. Unless you have evidence of a specific weakness in urandom, you are reinventing the wheel.

While it is true that urandom is weaker than /dev/random, your proposed scheme is weak in exactly the same way, so it provides no benefit over just using urandom. urandom has the additional benefit that it can continuously mix new entropy into the generated numbers as new entropy becomes available from the underlying hardware. FreeBSD, for example, only has a urandom-style device.

Finally, urandom has been around for many years and its source has been reviewed by security experts, which is not the case with a replacement one can roll on one's own.
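Since the answer's point is to read /dev/urandom directly instead of seeding a home-grown PRNG, here is an added C example (not from the question or answer above) of doing that correctly for the asker's use case: it handles short reads and EINTR, builds a large random integer as a hex string, and draws a uniform integer below a bound by rejection sampling rather than a biased `% bound`. The function names fill_random, random_hex, random_below and the helper check_range are this example's own; the 64-byte cap in random_hex is an arbitrary choice for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Fill buf with n bytes from /dev/urandom. read(2) may return fewer bytes
 * than asked for or fail with EINTR, so loop until the buffer is full.
 * Returns 0 on success, -1 on any failure (never silently leaves buf short). */
int fill_random(unsigned char *buf, size_t n) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR) continue;
            close(fd);
            return -1;
        }
        if (r == 0) { close(fd); return -1; } /* unexpected EOF */
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Produce a random integer of nbytes bytes as a lowercase hex string
 * (big-endian, 2*nbytes chars plus NUL). dst must hold 2*nbytes+1 bytes.
 * The 64-byte limit is just this example's buffer size. */
int random_hex(char *dst, size_t nbytes) {
    static const char hexd[] = "0123456789abcdef";
    unsigned char tmp[64];
    if (nbytes == 0 || nbytes > sizeof tmp) return -1;
    if (fill_random(tmp, nbytes) != 0) return -1;
    for (size_t i = 0; i < nbytes; i++) {
        dst[2 * i]     = hexd[tmp[i] >> 4];
        dst[2 * i + 1] = hexd[tmp[i] & 0x0f];
    }
    dst[2 * nbytes] = '\0';
    return 0;
}

/* Uniform integer in [0, bound). Taking a 64-bit value modulo bound is biased
 * unless bound divides 2^64, so reject values at or above the largest
 * multiple of bound that fits, then reduce. Returns 0 on success, -1 on error. */
int random_below(uint64_t bound, uint64_t *out) {
    if (bound == 0) return -1;
    uint64_t limit = UINT64_MAX - (UINT64_MAX % bound); /* multiple of bound */
    uint64_t v;
    do {
        if (fill_random((unsigned char *)&v, sizeof v) != 0) return -1;
    } while (v >= limit);
    *out = v % bound;
    return 0;
}

/* Demo helper: draw `iterations` samples below `bound` and report whether
 * every one stayed in range (1) or something failed (0). */
int check_range(uint64_t bound, int iterations) {
    for (int i = 0; i < iterations; i++) {
        uint64_t v;
        if (random_below(bound, &v) != 0 || v >= bound) return 0;
    }
    return 1;
}

int main(void) {
    char hex[2 * 32 + 1];            /* a 256-bit random integer */
    uint64_t v;
    if (random_hex(hex, 32) != 0 || random_below(1000, &v) != 0) {
        perror("random");
        return 1;
    }
    printf("256-bit integer: 0x%s\n", hex);
    printf("uniform in [0,1000): %llu\n", (unsigned long long)v);
    return 0;
}
```

If the integers need to be larger than 64 bytes, raise the buffer or feed fill_random straight into your bignum library's import-from-bytes routine; the read loop is the part that matters.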