SSL/TLS passive sniffing
Werner Koch
wk at gnupg.org
Thu Jan 6 04:43:32 EST 2005
On Wed, 5 Jan 2005 08:49:36 +0800, Enzo Michelangeli said:
>> That's basically what /dev/urandom does, no? (Except that it has the
>> undesirable side-effect of depleting the entropy estimate maintained
>> inside the kernel.)
> This "entropy depletion" issue keeps coming up every now and then, but I
> still don't understand how it is supposed to happen. If the PRNG uses a
It is a practical issue: Using /dev/urandom to avoid waiting for a
blocked /dev/random will let other processes wait infinitely on a
blocked /dev/random.
The Linux implementation of /dev/urandom is identical to /dev/random
but instead of blocking, (as /dev/random does on a low entropy
estimation) it continues to give output by falling back to a PRNG mode
of operation.
For services with a high demand of random it is probably better to
employ its own PRNG and reseed it from /dev/random from time to time.
Salam-Shalom,
Werner
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list