SSL/TLS passive sniffing
David Wagner
daw at cs.berkeley.edu
Wed Dec 22 17:28:41 EST 2004
Florian Weimer <fw at deneb.enyo.de> writes:
>I'm slightly troubled by claims such as this one:
> <http://lists.debian.org/debian-devel/2004/12/msg01950.html>
[which says: "If you're going to use /dev/urandom then you might
as well just not encrypt the session at all."]
That claim is totally bogus, and I doubt whether that poster has any
clue about this subject. As far as we know, Linux's /dev/urandom is just
fine, once it has been seeded properly. Pay no attention to those who
don't know what they are talking about.
(That poster wants you to believe that, since /dev/urandom uses a
cryptographic-strength pseudorandom number generator rather than a
true entropy source, it is useless. Don't believe it. The poster is
confused and his claims are wrong.)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list