On Wed, 18 Dec 2002 11:58:52 +0100, Ga�l Le Mignot said: > This is the current implementation, yes, but /dev/urandom doesn't guarantee > anything about the "quality" of the random bits. It can be secure, but it
It does. It even blocks (well, I checked years ago) as long as the entropy pools has never been filled to 100% then it won't block anymore (thus the u in ist name). If you really want to spend time on a intermediate solution, use libgcrypt and its internal RNG (can be build using a similar scheme as EGD) to write a /dev/random translator. > can be pseudo-random too, and any program that use /dev/urandom as a secure > source of random bits is flawed, so there is absolutely no problem, IMHO, It depends on the usage of the random. In many cases a good PRNG with additional seending is sufficient. It is even bad to waste precious entropy for short living keys or padding. Salam-Shalom, Werner
