[13984] in cryptography@c2.net mail archive
Re: Beware of /dev/random on Mac OS X
daemon@ATHENA.MIT.EDU (Harald Hanche-Olsen)
Tue Sep 2 15:19:31 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
In-Reply-To: <6.0.0.10.2.20030829145815.062b6840@127.0.0.1>
Date: Sat, 30 Aug 2003 10:56:13 +0200
From: Harald Hanche-Olsen <hanche@math.ntnu.no>
+ Tim Dierks <tim@dierks.org>:
| Can anyone who believes that only having 160 bits of entropy
| available is an interesting weakness tell me why?
That is an interesting discussion that I don't feel qualified to
participate in (but look forward to following), but I think it's a
good idea to keep that issue separate from the one raised by Peter:
/dev/urandom is for those situations where guaranteed entropy is not
seen as needed, whereas /dev/random, by design, is for the very most
"paranoid". Apple should not have violated the specification of
/dev/random in this way. The right thing for them to do, if they are
unable or unwilling to provide a true /dev/random, is to not provide
the device at all, and just settle for /dev/urandom.
- Harald
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
