Adam Shostack (adam@homeport.org)
Mon, 12 Apr 1999 11:06:18 -0400
On Mon, Apr 12, 1999 at 10:37:03AM -0400, Ge' Weijers wrote:
| On Fri, Apr 09, 1999 at 09:09:28AM -0500, William H. Geiger III wrote:
| > This is not to attack the authors of this program. I am sure that they
| > have put quite a bit of time and effort into this program. It just seems
| > odd that it has been accepted without question, after all we would not all
| > switch to a new crypto algorithm without extensive peer review, why is it
| > that the source of random numbers has received so little attention?
|
| The (less-than-satisfying) answer to this question is that there are
| no real alternatives. It's probably a good idea to post-process
| anything coming from /dev/u?random by combining it with other
| potential sources of randomness or secret key material before using
| it.
Why is that? /dev/urandom should give you the best random
output on the machine. If you're going to write more code, why not
spend the time to make that code available as part of the system
library?
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume
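
The post-processing suggested in the quoted message, sketched as an added example (not code from either poster or from any system library): kernel output is combined with other inputs and optional secret key material through HKDF (RFC 5869, HMAC-SHA256), so the result is no weaker than /dev/urandom alone as long as the hash holds. The function names, the `info` label, the choice of HKDF, and the use of the secret as the HKDF salt are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

HASH_LEN = hashlib.sha256().digest_size


def _frame(parts):
    """Length-prefix each input so ("ab", "c") and ("a", "bc") hash differently."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def hkdf_extract(salt, ikm):
    # RFC 5869 extract step: PRK = HMAC-SHA256(salt, IKM)
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    # RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) | info | i)
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-SHA256")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def mixed_random(length, extra_sources=(), secret_key=b"", kernel_bytes=None):
    """Return `length` bytes derived from the kernel pool plus optional extras.

    kernel_bytes is injectable only so the function can be tested
    deterministically; in normal use it is read from os.urandom().
    """
    if kernel_bytes is None:
        kernel_bytes = os.urandom(32)  # same pool as /dev/urandom on Unix
    ikm = _frame([kernel_bytes, *extra_sources])
    salt = secret_key or b"\x00" * HASH_LEN  # RFC 5869 default salt
    prk = hkdf_extract(salt, ikm)
    return hkdf_expand(prk, b"mixed_random example", length)
```

Extra inputs can only add unpredictability here: an attacker who knows every extra source still has to predict the 32 kernel bytes.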
The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:22