Allan Engelhardt <allane@cybaea.com> writes:
> "/dev/urandom is not really better than rand(3) or random(3) *in
> this situation* [i.e. when reads from /dev/random stalls and there
> is no system entropy]"
I would still disagree. The difference for crypto purposes between a
CRNG seeded with real entropy (/dev/urandom) and an LCG (libc
functions) is huge. The former is useful (with caveats); the latter
is trivially breakable.
-Doug
--
Free Dmitry Sklyarov!
http://www.freesklyarov.org/
We will return to our regularly scheduled signature shortly.