Re: Why does reading from /dev/urandom deplete entropy so much?

From: Phillip Susi
Date: Tue Dec 11 2007 - 14:46:51 EST

Next message: Andi Kleen: "Re: [PATCH] Intel Management Engine Interface"
Previous message: Stephen Smalley: "Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSMsettings for task actions [try #2]"
In reply to: Theodore Tso: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Next in thread: Ray Lee: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Theodore Tso wrote:

Note that even paranoid applicatons should not be using /dev/random
for session keys; again, /dev/random isn't magic, and entropy isn't
unlimited. Instead, such an application should pull 16 bytes or so,
and then use it to seed a cryptographic random number generator.

What good does using multiple levels of RNG do? Why seed one RNG from another? Wouldn't it be better to have just one RNG that everybody uses? Doesn't the act of reading from the RNG add entropy to it, since no one reader has any idea how often and at what times other readers are stirring the pool?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [PATCH] Intel Management Engine Interface"
Previous message: Stephen Smalley: "Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSMsettings for task actions [try #2]"
In reply to: Theodore Tso: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Next in thread: Ray Lee: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]