Hi Rob, 2016-06-29 23:04 GMT+02:00 Rob Landley <[email protected]>: > On 06/29/2016 10:31 AM, Daniel Thompson wrote: >> On 29/06/16 16:04, Etienne Champetier wrote: >> Thanks for the explanation. I had indeed overlooked that the getrandom >> applet does not consume any entropy. > > His use case was saving a random seed and not consuming entropy is an > advantage?
TLDR: getrandom() is safe for any use a good read http://www.2uo.de/myths-about-urandom/ Also https://en.wikipedia.org/wiki//dev/random Is there any serious argument that adding new entropy all the time is a good thing? The Linux /dev/urandom manual page claims that without new entropy the user is "theoretically vulnerable to a cryptographic attack",[16] but (as I've mentioned in various venues) this is a ludicrous argument—how can anyone simultaneously believe that we can't figure out how to deterministically expand one 256-bit secret into an endless stream of unpredictable keys (this is what we need from urandom), but we can figure out how to use a single key to safely encrypt many messages (this is what we need from SSL, PGP, etc.)? Regards Etienne > > Rob _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
