On Wed, May 28, 2008 at 10:34:53AM +0200, Philipp Gühring wrote: > > it is imperative that wasteful reads of this pseudo-device be > > avoided at all costs. > > Yes. Still, some people are using fopen/fread to access > /dev/random, which does pre-fetching on most implementations I > saw, so using open/read is preferred for using /dev/random. > > Implementations can be rather easily checked with strace.
Oh, agreed wholeheartedly. I simply meant that *wasteful* (gratuitous) reads of /dev/random should be avoided. Justifiable, conservative reads of /dev/random are, of course, why it exists in the first place! And fopen/fread is definitely a bad idea in this case for the reasons you point out. In general, anything which prefetches potentially excess data in a read from /dev/random is destructive to the entropy pool. -- { IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657); SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511); AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]); MUD([EMAIL PROTECTED]:6669); WWW(http://fungi.yuggoth.org/); } --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]