[5284] in cryptography@c2.net mail archive


Re: linux-ipsec: Re: TRNG, PRNG

daemon@ATHENA.MIT.EDU (Henry Spencer)
Thu Jul 29 19:23:16 1999

Date: Thu, 29 Jul 1999 14:35:02 -0400 (EDT)
From: Henry Spencer <henry@spsystems.net>
To: John Denker <jsd@research.att.com>
Cc: linux-ipsec@clinet.fi, cryptography@c2.net
In-Reply-To: <4.1.19990728132814.03949910@surfcity.research.att.com>

On Wed, 28 Jul 1999, John Denker wrote:
> In my case X- is the unreseeded PRNG behavior of /dev/urandom.  The
> designers of linux-ipsec have evidently decided this is good enough,
> because that's where they get key material.

More accurately, we have decided that /dev/urandom is the proper
*interface* for us to use, and that if improvements need to be made, they
should be made within /dev/urandom, not in every piece of code (from us
and others) which uses it.

We are sympathetic to concerns about its algorithms not being good enough,
but at the moment we lack the specialized expertise to do something about
this (more precisely, to evaluate proposed changes and decide which ones
are actually good ideas). 

Moreover, since Ted Ts'o is still actively working on /dev/[u]random, he
is probably in a better position to deal with this than we are. 

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)
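As an added illustration of the point Henry makes above (example code written for this page, not from the original post and not from the linux-ipsec/FreeS/WAN sources): a consumer that treats /dev/urandom as its interface still has to read from it correctly. The device may return short reads, and read(2) may be interrupted by a signal; a caller that takes whatever one read() returns and uses it as a key may be using a partially filled buffer. The function names, the fixed device path and the 32-byte key size are assumptions of this example, and the code assumes a POSIX system with /dev/urandom (Linux or a BSD).

```c
/* Added example: read key material through /dev/urandom as the interface,
 * handling short reads and EINTR, and failing loudly instead of silently
 * returning a partly filled buffer. Not code from the original post or
 * from linux-ipsec; names and the 32-byte key size are this example's. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill buf[0..n) from the device at path. Returns 0 on success, -1 on
 * failure with errno set; on failure the buffer contents are unusable. */
int fill_from_device(const char *path, unsigned char *buf, size_t n)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;              /* interrupted by a signal: retry */
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (r == 0) {                  /* EOF from an RNG device is a fault */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)r;              /* short reads are legal: keep going */
    }
    close(fd);
    return 0;
}

/* Key-material wrapper; the hard-coded device path is this example's
 * (hypothetical) policy choice, mirroring "use /dev/urandom as the interface". */
int get_key_material(unsigned char *key, size_t n)
{
    return fill_from_device("/dev/urandom", key, n);
}

/* Sanity check: two independently drawn 32-byte keys must differ. Returns 1
 * if they do, 0 on read failure or identical output. Identical output from
 * consecutive reads (probability about 2^-256) indicates a broken device. */
int two_keys_differ(void)
{
    unsigned char a[32], b[32];
    if (get_key_material(a, sizeof a) != 0)
        return 0;
    if (get_key_material(b, sizeof b) != 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned char key[32];
    if (get_key_material(key, sizeof key) != 0) {
        perror("get_key_material");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

The loop is the substance: a single read() is not guaranteed to return the requested count, and a zero-length read from an RNG device is treated as an error rather than as "done". On modern Linux the same interface is also reachable via getrandom(2), which avoids needing a file descriptor (relevant in chroots or under descriptor exhaustion); that call did not exist in 1999, but the error handling above is what a consumer of either interface needs.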
