William Allen Simpson wrote:
> Ben Laurie wrote:
> > William Allen Simpson wrote:
> > > Why then restrict it to non-communications usages?
> >
> > Because we are starting from the postulate that observation of the
> > output could (however remotely) give away information about the
> > underlying state of the entropy generator(s).
>
> Surely observation of /dev/urandom's output also gives away information?

> ummm, no, not by definition.
>
> /dev/random
>   blocks on insufficient estimate of stored entropy
>   useful for indirect measurement of system characteristics
>   (assumes no PRNG)
>
> /dev/urandom
>   blocks only when insufficient entropy for initialization of state
>   computationally infeasible to determine underlying state
>   (assumes robust PRNG)
>
> These are the definitions we've been using around here for many years. It does help when everybody is talking about the same things.

Around where? I've never heard of a /dev/random that doesn't include a PRNG. But I'll admit it's entirely possible I just haven't been paying attention. Can you give examples?


In any case, if the postulate is that observing the output could give away information about the underlying state, then I cannot see how /dev/urandom gets around this problem.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
