[Cryptography] Random numbers only once

Paul Hoffman paul.hoffman at vpnc.org
Tue Feb 4 11:06:12 EST 2014

On Feb 3, 2014, at 9:12 PM, Watson Ladd <watsonbladd at gmail.com> wrote:

> As DJB pointed out on another listhost, one only needs 256 random bits
> once, and can then use a PRF to generate an indefinite number forever.

Many others have pointed this out for over a decade as well.

> Why does /dev/random not do this and so avoid blocking after startup?

See my message to this list on January 28 with the subject "Not everything is Linux (was: Re: [Cryptography] cheap sources of entropy)"

> It wouldn't be that hard to write to a defined block of a disk image
> these 32 random bytes.

You are correct that it hat may or may not be a good idea for various reasons, but it also might not be such a good idea. Different OSs have very different views of what is and is not a good idea.

Fortunately, the most significant OSs have people who have thought about random numbers at least as much as the folks on this list.

--Paul Hoffman

More information about the cryptography mailing list