On Mon, 28 Sep 2009, Randal L. Schwartz wrote: > Date: Mon, 28 Sep 2009 18:42:48 -0700 > From: Randal L. Schwartz <[email protected]> > Reply-To: "General Linux/UNIX discussion and help; civil and on-topic" > <[email protected]> > To: [email protected] > Subject: Re: [PLUG] hardware RNG cards was: rngd > >>>>>> "Carlos" == Carlos Konstanski <[email protected]> writes: > > Carlos> The reason I am using > Carlos> /dev/urandom is because I have witnessed other generators repeat > Carlos> themselves. If someone were to get a sessionid that an administrator > Carlos> had previously, that could be enough to give elevated privileges in a > Carlos> webapp. > > Are you confusing "guaranteed to generate a distinct series of numbers from a > limited set" with "random"? It's starting to smell like you are.
I'm not confused; I know the difference. I'm not sold on /dev/urandom; it's simply the best thing I have available. No, I want true randomness from a dedicated hardware device. The USB stick looks good. Too bad it has to be ordered from Finland. Seriously, no one has used a nice, easily obtainable card that can be paid for with US Dollars? Never mind then. Carlos _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
