[Cryptography] Random numbers only once
Paul Hoffman
paul.hoffman at vpnc.org
Tue Feb 4 11:06:12 EST 2014
On Feb 3, 2014, at 9:12 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> As DJB pointed out on another listhost, one only needs 256 random bits
> once, and can then use a PRF to generate an indefinite number forever.
Many others have pointed this out for over a decade as well.
> Why does /dev/random not do this and so avoid blocking after startup?
See my message to this list on January 28 with the subject "Not everything is Linux (was: Re: [Cryptography] cheap sources of entropy)"
> It wouldn't be that hard to write to a defined block of a disk image
> these 32 random bytes.
You are correct that it may or may not be a good idea for various reasons, but it also might not be such a good idea. Different OSs have very different views of what is and is not a good idea.
Fortunately, the most significant OSs have people who have thought about random numbers at least as much as the folks on this list.
--Paul Hoffman
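The "take 256 random bits once, then expand them with a PRF" idea from the quoted paragraph, as an added example that is not code from the original thread or from either poster: an HMAC_DRBG (NIST SP 800-90A section 10.1.2, with HMAC-SHA-256) written against the Python standard library, seeded once with 256 bits, plus a helper that models the "write the 32 bytes to a defined block of the disk image" suggestion as a seed file. The class and function names, the seed-file layout, the reseed interval and the os.urandom() calls used to obtain the first seed are my assumptions for illustration.

```python
"""HMAC_DRBG (SP 800-90A, HMAC-SHA-256) seeded once with 256 bits.

Added example; not code from the original thread.  Names, seed-file
layout and reseed interval are assumptions made for illustration.
"""
import hashlib
import hmac
import os
import tempfile

OUTLEN = hashlib.sha256().digest_size  # 32 bytes = 256 bits


class HmacDrbg:
    """Deterministic random bit generator per SP 800-90A 10.1.2.

    One full-entropy 256-bit seed is enough: every output block is an
    HMAC under a secret key K, so predicting the stream without K is as
    hard as breaking HMAC-SHA-256, and the final update after each
    generate() call discards the state that produced the output.
    """

    def __init__(self, seed: bytes, reseed_interval: int = 1 << 20):
        if len(seed) < OUTLEN:
            raise ValueError("seed must carry at least 256 bits")
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self.reseed_interval = reseed_interval  # assumed policy value
        self._update(seed)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into (K, V).
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self, seed: bytes) -> None:
        self._update(seed)
        self.reseed_counter = 1

    @property
    def needs_reseed(self) -> bool:
        return self.reseed_counter > self.reseed_interval

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if self.needs_reseed:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional)  # backtrack resistance: old state is gone
        self.reseed_counter += 1
        return out[:n]


def same_seed_same_stream(seed: bytes, n: int = 64) -> bool:
    """The whole point: one seed fixes an indefinitely long stream."""
    return HmacDrbg(seed).generate(n) == HmacDrbg(seed).generate(n)


def boot_from_seed_file(path: str) -> HmacDrbg:
    """Model the 'defined block of a disk image' idea as a seed file.

    Reads the stored seed, mixes it with whatever the OS offers now, and
    immediately overwrites the file with fresh DRBG output so one stored
    seed is never used for two boots (otherwise every clone of the image
    would produce the identical stream).
    """
    try:
        with open(path, "rb") as f:
            stored = f.read(OUTLEN)
    except FileNotFoundError:
        stored = b""
    if len(stored) < OUTLEN:
        stored = os.urandom(OUTLEN)  # first boot: assumes the OS pool is usable
    drbg = HmacDrbg(stored + os.urandom(OUTLEN))
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(drbg.generate(OUTLEN))
    os.replace(tmp, path)  # atomic swap: a crash never leaves an empty file
    return drbg


def demo_seed_file() -> dict:
    """Two simulated boots against one seed file; reports what changed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "random-seed")
        first = boot_from_seed_file(path)
        with open(path, "rb") as f:
            after_first = f.read()
        second = boot_from_seed_file(path)
        with open(path, "rb") as f:
            after_second = f.read()
    return {
        "seed_len": len(after_first),
        "seed_rotated": after_first != after_second,
        "streams_differ": first.generate(32) != second.generate(32),
    }


if __name__ == "__main__":
    print(same_seed_same_stream(b"\x42" * OUTLEN), demo_seed_file())
```

The generator itself never blocks: once the 256-bit seed is in, generate() is pure HMAC work. What the thread is really arguing about is the boot_from_seed_file() step, that is, where those first 256 bits come from on a fresh install or a cloned image, and that is the part an OS has to decide for itself.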