Quoting Linus Torvalds <torvalds@transmeta.com>:
> Be realistic. This is what I ask of you. We want _real_world_ security,
> not a completely made-up-example-for-the-NSA-that-is-useless-to-anybody-
> else.
>
> All your arguments seem to boil down to "people shouldn't use /dev/random
> at all, they should use /dev/urandom".
Wouldn't it be much easier to ask -very few- people (GnuPG/SSL/SSH teams
primarily) to use /dev/super-reliable-mathematically-proven-random if
available, instead of asking much larger crowd to hack their code? This
will be backward compatible, and at the same time offers a much better
randomness for those who care about it. Myself, I read 128-bit session
keys for multiple, not-so-secure, short connections from /dev/random and
it would be sad if it runs out of data.
Also, /dev/random may take data from /dev/super-...random until it sucks
it dry, and then switches to less secure sources. This will guarantee that
the enthropy of readings is -not worse than-, and for moderate requests is
much better.
Dmitri
-- 16. The Evil Overlord will not risk his life to save yours. Why risk yours for his? ("Evil Overlord" by Peter Anspach and John VanSickl)
This archive was generated by hypermail 2b29 : Fri Aug 23 2002 - 22:00:14 EST