On Mon, Aug 07, 2000 at 07:41:37PM +0000, Miquel van Smoorenburg wrote:
> >Yes, I can put a monkey behind the keyboard, but if somebody knows a
> >better solution, please don't be shy. ;)
> Use /dev/urandom
You mean I do "ln -sf /dev/urandom /dev/random" ? Nah... ;)
Several people sent me a private email sugesting to use urandom instead,
but it's not what I use, it's about what all software on the machine uses.
Should I patch SSH? Should I patch SSL? Or are they using urandom anyway?
My recommendation has always been that applications use /dev/random for
long-term public key generation, and to seed a pseudo-RNG for session
keys. The reasoning behind this is that true, high-quality random
numbers is a very precious resource (even with a real high, quality
random number generator, it is still a limited resource), and so it's
better to periodically get randomness from /dev/random, and then use
that as seeds for a cryptographically secure, pseudo-random number
generator.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/