Oliver Xymoron writes:

> /dev/urandom is as good as /dev/random as long as the entropy is not
> depleted below a certain point.

As I brought up over on majordomo-users, if you want a good PRNG, lift the
algorithm out of PGP, randseed.bin file and all. /dev/random is not random
enough for reliable security. The downside to this is someone needs to be
on the console to generate the randseed.bin file, but that needs be done
but once.

> After that, urandom will continue to generate numbers that are as secure
> as the hash function the kernel uses (SHA1, IIRC),

Not unless you have a true random number generator physically attached to
/dev/(u)random. Without some external source of genuine entropy,
/dev/(u)random is nigh-worthless as a PRNG.

SHA1 is much more secure than anything you can get out of a purely
algorithmic PRNG.

Is /dev/(u)random good enough? I don't think so. But then, I'm not
paranoid: 'they' really are out to get me.

--
Rich Pieri <rich.pieri@prescienttech.com> / Do not use Happy Fun Ball on
Sysmonster, Unix Wrangler / concrete.
Prescient Technologies, Inc. /
I speak for myself, not PTI or SWEC /