On Wed, 2 Feb 2000, Theo de Raadt wrote:

> I suppose then that anyone who attacks a machine which relies on
> /dev/random -- a world readable device -- should do the following:
>
> cat /dev/random > /dev/null &

Yep.

> Crypto software which uses those devices should be doing some kind of
> checking to make sure that they are getting at least good entropy. I

The good thing is that /dev/random blocks until there is enough entropy
available. /dev/urandom does not block but continues to return random
bytes by using a PRNG.

> suppose I could even argue that the random devices should make it easy
> for customer software to determine that entropy is low.

There is also an ioctl() to query some statistics. OpenBSD has some more
kinds of random devices but I don't know much about them. I have not
checked the latest Linux kernels but rumors are that this device has
been enhanced.

--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
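The check discussed in the message above, as an added example that is not part of the original post or of any project's code: on Linux, the RNDGETENTCNT ioctl from <linux/random.h> returns the kernel's entropy estimate in bits, which a program can compare against a threshold before generating keys. The ioctl name is not given in the message; the 128-bit threshold and the helper names entropy_bits() and entropy_check() are assumptions made for illustration.

```c
/* Added example, Linux-specific. Not code from the original message. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>   /* RNDGETENTCNT */

/* Return the kernel's entropy estimate in bits for the given random
 * device, or -1 if the device cannot be opened or does not support
 * the query (for example, the path is not a random device). */
int entropy_bits(const char *dev)
{
    int bits = -1;
    /* O_NONBLOCK: the query itself must never wait on a drained pool. */
    int fd = open(dev, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (ioctl(fd, RNDGETENTCNT, &bits) < 0)
        bits = -1;
    close(fd);
    return bits;
}

/* Hypothetical policy helper: 1 = estimate meets the requirement,
 * 0 = pool is low, -1 = unknown. Callers should treat -1 like 0
 * (fail closed) rather than assume the pool is healthy. */
int entropy_check(int bits, int needed_bits)
{
    if (bits < 0 || needed_bits <= 0)
        return -1;
    return bits >= needed_bits ? 1 : 0;
}

int main(void)
{
    const int needed = 128;   /* assumed threshold for this example */
    int bits = entropy_bits("/dev/random");

    switch (entropy_check(bits, needed)) {
    case 1:
        printf("entropy estimate %d bits >= %d: proceed\n", bits, needed);
        return 0;
    case 0:
        fprintf(stderr, "entropy estimate %d bits < %d: pool is low, "
                "delay key generation\n", bits, needed);
        return 1;
    default:
        fprintf(stderr, "cannot query entropy estimate: fail closed\n");
        return 2;
    }
}
```
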