On 27/05/2015 04:28 am, Steve Weis wrote:
On Tue, May 26, 2015 at 7:27 PM, Russell Leidich <[email protected] <mailto:[email protected]>> wrote:Unfortunately, that page doesn't provide insights as to why that piece of advice was issued. On Wed, May 27, 2015 at 2:11 AM, Naveen Nathan <[email protected] <mailto:[email protected]>> wrote: Avoid: userspace random number generators, havaged, prngd, egd, /dev/random. Source: https://gist.github.com/tqbf/be58d2d39690c3b366ad The author Thomas Ptacek has a longer post on why people should just use /dev/urandom: http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
Yes, you should use /dev/urandom. However, if you insist on doing what is harmful and dangerous, here's some advice on how to build an RNG system:
http://iang.org/ssl/hard_truths_hard_random_numbers.html Rule #1: Use what your platform provides. iang _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
