Is /proc/sys/kernel/random/uuid strong keying material?

I've been looking at ways to generate a strong 256 bit/32 byte symmetric key for the HMAC_SHA256 algorithm. I stumbled upon the /proc/sys/kernel/random/uuid file.

According to man random(4): "The read-only files uuid and boot_id contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. The former is generated afresh for each read, the latter was generated once."

The stri开发者_如何学编程ng from cat /proc/sys/kernel/random/uuid looks ideal for this purpose. I can remove the '-' chars and end up with a 32 bytes of randomness.

Is this a valid approach to generate a cryptographically strong source of keying material?

An old question but in case anyone stumbles on it, I wouldn't advise this.

/proc/sys/kernel/random/uuid is a type 4 (random) UUID with certain semantics - it's not just a string of random hex characters. For example you'll see the first digit in the third group is always a 4.

For 256 random bits just read 32 bytes from /dev/random (uses external entropy, can block) or /dev/urandom (never blocks).

o172.net is the best answer, would comment on it directly but cannot.

/proc/sys/kernel/random/uuid is based on urandom but it is best to grab from urandom directly.

This below is how to get it from the shell, the following gets 32 ascii hex bytes:

echo $(tr -dc a-f0-9 < /dev/urandom | dd bs=32 count=1 2> /dev/null)

You can change the char set via the tr params, the bytes by the

dd bs=
or not use tr

and get random binary.

Would you rely on a well-defined deterministic pseudo-random algorithm for key generation? That's the question basically.

I'd say, take the UUID as a base for your key, but do one pass of encryption on it using a secret key of yours.