Ian Turner writes:
> > Can be so easy to DoS cryptographic software?
>
> Yes. If you don't trust your users to not deplete the entropy, then don't
> give them permission to read it.
An intermediate possibility is to have multiple RNGs with multiple sources
of entropy, or multiple RNGs with entropy divided among them somehow, or
a single RNG which enforces a reasonable policy of some sort when multiple
processes want to access it at once.
Modern multiuser operating systems have solved all _kinds_ of problems around
concurrency and dealing with contention over a shared resource. There is
no reason that they should not be able to do exactly the same thing for an
entropy pool, if it becomes an issue.
--
Seth David Schoen <[EMAIL PROTECTED]> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5
