On Fri, Aug 16, 2013 at 7:24 PM, D. J. Bernstein <d...@cr.yp.to> wrote:
> I'm not saying that /dev/urandom has a perfect API. [...]

It might be useful to think of what a good API would be. I've thought before that the Unix everything-as-a-file philosophy makes for lame entropy APIs, and yet it's what we have to work with...

I'd like something like /dev/urandom128 -> min. 128 bits of real entropy in the pool.

I'd also wish open(2) of AF_LOCAL socket names were the same as a connect(2) on the same thing, and to block like named pipe opens do (why on Earth is this not so? what could possibly break if it were so? considering that named pipe opens block... one would think "nothing could break"). Then we could have each open of /dev/prngN result in a PRNG octet stream seeded by N bits of real entropy.

(I saw a blog post recently about using AF_LOCAL sockets as PID files. Making open(2) of them == connect(2) to them would make that an awesome idea.)

Nico
--
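The /dev/prngN idea from the message above, sketched in userspace as an added example that is not part of the original post: each "open" draws N bits from the kernel and expands them into its own octet stream. `PrngStream` and `open_prng` are hypothetical names, keyed BLAKE2b in counter mode is an assumed stand-in for the generator, and `os.getrandom` is only an approximation of the proposed blocking rule, since it blocks until the kernel pool has been initialised rather than accounting for N bits per request.

```python
import hashlib
import os

# getrandom(2) with flags=0 blocks until the kernel pool has been initialised;
# fall back to os.urandom where os.getrandom is unavailable (non-Linux).
_kernel_bytes = getattr(os, "getrandom", os.urandom)


class PrngStream:
    """Userspace stand-in for one open() of the hypothetical /dev/prngN."""

    BLOCK = 64  # BLAKE2b maximum digest size in bytes

    def __init__(self, bits=128, seed=None):
        if bits % 8 or not 128 <= bits <= 512:
            raise ValueError("bits must be a multiple of 8 in [128, 512]")
        # N bits from the kernel seed this stream; `seed` exists only so the
        # expansion step can be tested deterministically.
        self._key = seed if seed is not None else _kernel_bytes(bits // 8)
        if len(self._key) * 8 != bits:
            raise ValueError("seed length does not match bits")
        self._counter = 0
        self._buf = b""

    def read(self, n):
        """Return the next n octets of this stream."""
        while len(self._buf) < n:
            # Assumed generator: keyed BLAKE2b over a 128-bit block counter.
            block = hashlib.blake2b(
                self._counter.to_bytes(16, "big"),
                key=self._key,
                digest_size=self.BLOCK,
            ).digest()
            self._counter += 1
            self._buf += block
        out, self._buf = self._buf[:n], self._buf[n:]
        return out


def open_prng(bits=128):
    """Each call models one 'open': a fresh stream with its own kernel seed."""
    return PrngStream(bits)
```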