[16594] in cryptography@c2.net mail archive
SSL/TLS passive sniffing
daemon@ATHENA.MIT.EDU (David Wagner)
Tue Jan 4 14:58:20 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: David Wagner <daw@cs.berkeley.edu>
To: cryptography@metzdowd.com
Date: Wed, 22 Dec 2004 14:28:41 -0800 (PST)
Florian Weimer <fw@deneb.enyo.de> writes:
>I'm slightly troubled by claims such as this one:
> <http://lists.debian.org/debian-devel/2004/12/msg01950.html>
[which says: "If you're going to use /dev/urandom then you might
as well just not encrypt the session at all."]
That claim is totally bogus, and I doubt whether that poster has any
clue about this subject. As far as we know, Linux's /dev/urandom is just
fine, once it has been seeded properly. Pay no attention to those who
don't know what they are talking about.
(That poster wants you to believe that, since /dev/urandom uses a
cryptographic-strength pseudorandom number generator rather than a
true entropy source, it is useless. Don't believe it. The poster is
confused and his claims are wrong.)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
