On Wed, Dec 22, 2004 at 07:43:13PM +0100, Florian Weimer wrote: > > Actually reasoning along these lines is why Lutz Jaenicke implemented > > PRNGD, it is strongly recommended (at least by me) that mail servers > > use PRNGD or similar. PRNGD delivers psuedo-random numbers mixing in > > real entropy periodically. > > > > EGD, /dev/random and /dev/urandom don't produce bits fast enough. > > Is this the only criticism of /dev/urandom (on Linux, at least)? Even > on ancient hardware (P54C at 200 MHz), I can suck about 150 kbps out > of /dev/urandom, which is more than enough for our purposes. (It's > not a web server, after all.) > > I'm slightly troubled by claims such as this one: > > <http://lists.debian.org/debian-devel/2004/12/msg01950.html> >
I think I made a mistake, my primary email servers don't have /dev/urandom and the choice between EGD and PRNGD came down clearly on the PRNGD side, but indeed /dev/urandom should suffice on Linux and other systems. Postfix takes additional steps to reduce demand for raw entropy (in the tlsmgr process, ...) but /dev/urandom works fine as an external entropy source. I have not followed the debian issue, perhaps that really is just an Exim+TLS design problem... -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]