Beware of /dev/random on Mac OS X
Harald Hanche-Olsen
hanche at math.ntnu.no
Sat Aug 30 04:56:13 EDT 2003
+ Tim Dierks <tim at dierks.org>:
| Can anyone who believes that only having 160 bits of entropy
| available is an interesting weakness tell me why?
That is an interesting discussion that I don't feel qualified to
participate in (but look forward to following), but I think it's a
good idea to keep that issue separate from the one raised by Peter:
/dev/urandom is for those situations where guaranteed entropy is not
seen as needed, whereas /dev/random, by design, is for the very most
"paranoid". Apple should not have violated the specification of
/dev/random in this way. The right thing for them to do, if they are
unable or unwilling to provide a true /dev/random, is to not provide
the device at all, and just settle for /dev/urandom.
- Harald
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list