Beware of /dev/random on Mac OS X

Harald Hanche-Olsen hanche at
Sat Aug 30 04:56:13 EDT 2003

+ Tim Dierks <tim at>:

| Can anyone who believes that only having 160 bits of entropy
| available is an interesting weakness tell me why?

That is an interesting discussion that I don't feel qualified to
participate in (but look forward to following), but I think it's a
good idea to keep that issue separate from the one raised by Peter:
/dev/urandom is for those situations where guaranteed entropy is not
seen as needed, whereas /dev/random, by design, is for the very most
"paranoid".  Apple should not have violated the specification of
/dev/random in this way.  The right thing for them to do, if they are
unable or unwilling to provide a true /dev/random, is to not provide
the device at all, and just settle for /dev/urandom.

- Harald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list