Nico Williams wrote: > Applications (in the Unix sense) should not be the ones seeding the system's PRNG. The system should ensure that there is enough entropy and seed its own PRNG (and mix in new entropy).
Exactly the opposite. Application creator/maintainer is always in the trust chain; this can not be avoided. As the well-known Debiandebacle demonstrated, there is every good reason to remove the operating system creator/maintainer from the trust chain. There is a reasonable chance that a security-critical application is constructed and maintained by someone who is skilled in security programming; there is very low chance this is the case with the operating system. Lisa U. Gishpuppy | To reply to this email, click here: http://www.gishpuppy.com/cgi-bin/[email protected] _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
