Theo de Raadt <[EMAIL PROTECTED]> wrote:
>
> Crypto software which uses [/dev/random] devices should be doing
> some kind of checking to make sure that they are getting at least
> good entropy.
/dev/random will not emit bytes below some entropy threshold. Somebody
draining /dev/random amounts to a DOS attack; it will begin emitting at a
snail's pace, and users of /dev/random will contend for the scarce bytes.
If lower entropy is acceptable, /dev/urandom will invoke a PRNG to
keep emitting, even when the entropy pool is depleted. The output of
/dev/urandom passes the diehard tests reasonably well, and should be
acceptable for most non-cryptographic applications.
Of course, as Werner Koch already indicated, casual applications of
"random numbers" should not waste the entropy pool.
Len.
--
Bandwidth is bad for the same reason that most programs are so slow:
programmers _guess_ where the bottlenecks are rather than _profiling_.
-- Dan Bernstein
