On Sun 2018-04-29 10:05:41, Sultan Alsawaf wrote: > On Sun, Apr 29, 2018 at 04:32:05PM +0200, Pavel Machek wrote: > > Hi! > > > > > This is why ultimately, we do need to attack this problem from both > > > ends, which means teaching userspace programs to only request > > > cryptographic-grade randomness when it is really needed --- and most > > > of the time, if the user has not logged in yet, you probably don't > > > need cryptographic-grade randomness.... > > > > IOW moving them from /dev/random to /dev/urandom? > > /dev/urandom isn't cryptographically secure, so that's not an > option.
Umm. No. https://www.youtube.com/watch?v=xneBjc8z0DE Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature