Theo de Raadt <deraadtat_private> wrote:
>
> Crypto software which uses [/dev/random] devices should be doing
> some kind of checking to make sure that they are getting at least
> good entropy.

/dev/random will not emit bytes below some entropy threshold. Somebody draining /dev/random amounts to a DoS attack; it will begin emitting at a snail's pace, and users of /dev/random will contend for the scarce bytes.

If lower entropy is acceptable, /dev/urandom will invoke a PRNG to keep emitting, even when the entropy pool is depleted. The output of /dev/urandom passes the diehard tests reasonably well, and should be acceptable for most non-cryptographic applications.

Of course, as Werner Koch already indicated, casual applications of "random numbers" should not waste the entropy pool.

Len.

--
Bandwidth is bad for the same reason that most programs are so slow:
programmers _guess_ where the bottlenecks are rather than _profiling_.
-- Dan Bernstein
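The following is an added example, not code from Len's message or from the thread's participants. It shows one way to do the "checking" Theo asks for in the light of Len's reply: read the kernel's entropy estimate, try /dev/random with O_NONBLOCK so a depleted pool yields EAGAIN instead of a stall, and take the remainder from /dev/urandom rather than contend for scarce blocking bytes. The paths /dev/random, /dev/urandom and /proc/sys/kernel/random/entropy_avail are Linux assumptions (the /proc file is absent on other systems and the function then reports -1); the function names are hypothetical. Caveat for readers on current kernels: since Linux 5.6 /dev/random no longer blocks once the pool is initially seeded, and getrandom(2) is the preferred interface, so the fallback branch below reflects the 2001-era behaviour the thread describes and will rarely trigger today.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Kernel's current entropy estimate in bits (Linux-specific /proc file).
 * Returns -1 where the file does not exist or cannot be parsed. */
long entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (!f)
        return -1;
    long bits = -1;
    if (fscanf(f, "%ld", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

/* Read up to n bytes from a device. With O_NONBLOCK in flags, a blocking
 * /dev/random returns EAGAIN instead of stalling, which we surface as a
 * short read. Returns bytes read (possibly fewer than n), or -1 if nothing
 * could be read. */
ssize_t read_device(const char *path, unsigned char *buf, size_t n, int flags)
{
    int fd = open(path, O_RDONLY | flags);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;           /* interrupted: retry */
            break;                  /* EAGAIN or real error: stop here */
        }
        if (r == 0)
            break;                  /* EOF, should not happen on these devices */
        got += (size_t)r;
    }
    close(fd);
    return got ? (ssize_t)got : -1;
}

/* Policy from the thread: prefer /dev/random, but never block on it.
 * Whatever the blocking pool would not give us without stalling is taken
 * from /dev/urandom. *source tells the caller which path was actually used.
 * Returns 0 on success, -1 if the buffer could not be filled. */
int get_random_bytes(unsigned char *buf, size_t n, const char **source)
{
    ssize_t got = read_device("/dev/random", buf, n, O_NONBLOCK);
    if (got < 0)
        got = 0;
    if ((size_t)got == n) {
        *source = "/dev/random";
        return 0;
    }
    ssize_t rest = read_device("/dev/urandom", buf + got, n - got, 0);
    if (rest < 0 || (size_t)got + (size_t)rest != n)
        return -1;
    *source = got ? "/dev/random+/dev/urandom" : "/dev/urandom";
    return 0;
}

/* Sanity check on the output: a filled buffer should never be all zero. */
int buffer_is_all_zero(const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i])
            return 0;
    return 1;
}

int main(void)
{
    unsigned char key[32];
    const char *src = "none";

    printf("entropy_avail: %ld bits\n", entropy_avail());
    if (get_random_bytes(key, sizeof key, &src) != 0) {
        perror("get_random_bytes");
        return 1;
    }
    printf("source: %s\n", src);
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return buffer_is_all_zero(key, sizeof key);
}
```

Because the fallback is silent to the caller apart from the `source` string, an application that truly needs blocking-pool bytes (Len's "lower entropy is acceptable" does not hold for it) should inspect `source` and decide for itself rather than assume /dev/random was used.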
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:27 PDT