Doug McNaught wrote:
> Allan Engelhardt <allane@cybaea.com> writes:
>
> > On other motherboards, reading from /dev/random can stall
> > indefinitely. This is not a Good Thing. /dev/urandom is fine, but
> > not rally better than rand(3) or random(3).
>
> Wrong; it's still a lot better, especially if you have a reasonable
> amount of entropy coming in--/dev/urandom uses the same entropy pool
> as /dev/random and generates its data using a cryptographically secure
> hash function. This is still a lot better (for crypto purposes) than
> the simple LCGs used in the standard C library functions.
Absolutely! I had minor brain damage when I wrote the paragraph. What I meant was:
"/dev/urandom is not really better than rand(3) or random(3) *in this situation* [i.e. when reads from /dev/random
stallsand there is no system entropy]"
You don't get a lot of entropy from the standard /dev/random drivers on a system without users (pressing a key gives 10
bytesof entropy, moving the mouse ~8), but you do get a some so it is better.
As you said.
Allan.