[Cryptography] The Crypto Pi
ianG
iang at iang.org
Mon Jan 26 08:12:29 EST 2015
On 25/01/2015 16:35 pm, Ralf Senderek wrote:
> When I read bytes from /dev/random with dd and immediately check this
> file again, n bits are missing as a result of the read operation.
> So, IMHO, the whole system now has less entropy to feed to /dev/random.
> Am I wrong, when I assume that if the content of entropy_avail drops to
> zero, /dev/random is supposed to block?
Once upon a time, it might have meant that. Now it doesn't.
What it "means" is more to do with whatever is implemented by the
primary unix system you are using, and as it happens, Linux and BSD do
differently. So meaning is out the window, we're back to implementation.
My advice: applications should use /dev/urandom.
iang
ps; more long-winded stuff here
http://iang.org/ssl/hard_truths_hard_random_numbers.html
More information about the cryptography
mailing list