Date: Tue, 8 Aug 2000 14:20:41 +0200
From: Oscar Roozen <jor+lkml@xs4all.nl>
On Mon, Aug 07, 2000 at 07:41:37PM +0000, Miquel van Smoorenburg wrote:
> >Yes, I can put a monkey behind the keyboard, but if somebody knows a
> >better solution, please don't be shy. ;)
> Use /dev/urandom
You mean I do "ln -sf /dev/urandom /dev/random" ? Nah... ;)
Several people sent me a private email sugesting to use urandom instead,
but it's not what I use, it's about what all software on the machine uses.
Should I patch SSH? Should I patch SSL? Or are they using urandom anyway?
My recommendation has always been that applications use /dev/random for
long-term public key generation, and to seed a pseudo-RNG for session
keys. The reasoning behind this is that true, high-quality random
numbers is a very precious resource (even with a real high, quality
random number generator, it is still a limited resource), and so it's
better to periodically get randomness from /dev/random, and then use
that as seeds for a cryptographically secure, pseudo-random number
generator.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:16 EST