I think the programs block when reading from random, if the kernel
doesn't have enough entropy. When reading from urandom, that is not the
case. Basically the internal pool is reused to generate pseudo random
bits so that the call doesn't need to block.

As far as I know, there is no measure like 50 or so for /dev/random.

On 16-Aug-2013, at 6:32 AM, shawn wilson <ag4ve...@gmail.com> wrote:

> I thought that decent crypto programs (openssh, openssl, tls suites)
> should read from random so they stay secure and don't start generating
> /insecure/ data when entropy runs low. The only way I could see this
> as being a smart thing to do is if these programs also looked at how
> much entropy the kernel had and stopped when it got ~50 or so. Is this
> the way things are done when these programs use urandom or what?
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
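The blocking difference discussed in this thread can be observed directly on Linux. The following is an added example, not part of the original messages; the function names `entropy_avail` and `read_nonblock` are hypothetical helpers. It opens each device with `O_NONBLOCK` so a read that would have blocked reports `EAGAIN` instead of sleeping, and it prints the kernel's entropy estimate from procfs.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Kernel's entropy estimate in bits, or -1 if the procfs file is unavailable. */
int entropy_avail(void)
{
    int bits = -1;
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

/* Read up to len bytes from path without ever sleeping.
 * Returns bytes read, -2 if the read would have blocked, -1 on other errors. */
long read_nonblock(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, len);
    int saved = errno;          /* close() may overwrite errno */
    close(fd);
    if (n < 0)
        return (saved == EAGAIN) ? -2 : -1;
    return (long)n;
}

int main(void)
{
    unsigned char buf[32];
    printf("entropy_avail: %d bits\n", entropy_avail());
    long u = read_nonblock("/dev/urandom", buf, sizeof buf);
    long r = read_nonblock("/dev/random", buf, sizeof buf);
    printf("/dev/urandom: %ld bytes\n", u);
    if (r == -2)
        puts("/dev/random: would block");
    else
        printf("/dev/random: %ld bytes\n", r);
    return 0;
}
```

Whether `/dev/random` reports "would block" depends on the kernel version and the state of the pool at the time of the read.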