[please reply to all when posting to lkml] On Sat, Apr 16, 2005 at 01:08:47AM +0000, David Wagner wrote: > >First, a reminder that the design goal of /dev/random proper is > >information-theoretic security. That is, it should be secure against > >an attacker with infinite computational power. > > I am skeptical. > I have never seen any convincing evidence for this claim, > and I suspect that there are cases in which /dev/random fails > to achieve this standard. > > And it seems I am not the only one. See, e.g., Section 5.3 of: > http://eprint.iacr.org/2005/029
Unfortunately, this paper's analysis of /dev/random is so shallow that they don't even know what hash it's using. Almost all of section 5.3 is wrong (and was when I read it initially). -- Mathematics is the supreme nostalgia of our time. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/