"Alfred M. Szmidt" <[EMAIL PROTECTED]> writes: > Strong security that uses encryption like DSA/RSA depends on a good > entropy source of random bits, we don't have one.
And it's particularly nasty with DSA. If you create DSA signatures with a bad randomness generator, you risk leaking your private key. > If you need to use ssh copy libc.so to /dev/urandom, it is just as > well as using the urandom translator without a entropy source. I find it a little odd that you need to have /dev/urandom for openssh to work, I thought openssh was ported to plenty of systems that don't have and never had any /dev/u?random. I think it is more honest to a cryptographic application to not have /dev/random at all. If an application sees that the system has a /dev/u?random, at compile- or run-time, it's reasonable for it to assume that the device in question is a reasonable source of random bits. And if it's not present, that tells the application that it has to use it's own workarounds and entropy collection code, something which any portable crypto library or application will have to support anyway. /Niels
