William Allen Simpson wrote:
Ben Laurie wrote:

William Allen Simpson wrote:

Why then restrict it to non-communications usages?

Because we are starting from the postulate that observation of the
output could (however remotely) give away information about the
underlying state of the entropy generator(s).

Surely observation of /dev/urandom's output also gives away information?

ummm, no, not by definition.

 blocks on insufficient estimate of stored entropy
 useful for indirect measurement of system characteristics
 (assumes no PRNG)

 blocks only when insufficient entropy for initialization of state
 computationally infeasible to determine underlying state
 (assumes robust PRNG)

These are the definitions we've been using around here for many years. It does help when everybody is talking about the same things.

Around where? I've never heard of a /dev/random that doesn't include a PRNG. But I'll admit its entirely possible I just haven't been paying attention. Can you give examples?

In any case, if the postulate is that observing the output could give away information about the underlying state, then I cannot see how /dev/urandom gets around this problem.



http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to