Doug McNaught wrote:
> Allan Engelhardt <allane@cybaea.com> writes:
>
> > "/dev/urandom is not really better than rand(3) or random(3) *in
> > this situation* [i.e. when reads from /dev/random stalls and there
> > is no system entropy]"
>
> I would still disagree. The difference for crypto purposes between a
> CRNG seeded with real entropy (/dev/urandom) and an LCG (libc
> functions) is huge. The former is useful (with caveats); the latter
> is trivially breakable.
Fair comment. I agree. Thanks for the clarification.
Allan.