-----BEGIN PGP SIGNED MESSAGE-----
Oliver Xymoron writes:

> /dev/urandom is as good as /dev/random as long as the entropy is not
> depleted below a certain point.

As I brought up over on majordomo-users, if you want a good PRNG, lift the
algorithm out of PGP, randseed.bin file and all. /dev/random is not random
enough for reliable security. The down side to this is someone needs to be
on the console to generate the randseed.bin file, but that needs be done

> After that, urandom will continue to generate numbers that are as secure
> as the hash function the kernel uses (SHA1, IIRC),

Not unless you have a true random number generator physically attached to
/dev/(u)random. Without some external source of genuine entropy,
/dev/(u)random is nigh-worthless as a PRNG.

SHA1 is much more secure than anything you can get out of a purely

Is /dev/(u)random good enough? I don't think so. But then, I'm not
paranoid: 'they' really are out to get me.
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
-----END PGP SIGNATURE-----
Rich Pieri <firstname.lastname@example.org> / Do not use Happy Fun Ball on
Sysmonster, Unix Wrangler / concrete.
Prescient Technologies, Inc. /
I speak for myself, not PTI or SWEC /