On 09/30/2013 09:28 AM, d...@geer.org wrote: > If there is anything I've learned about "the Internet" it is that > if you ask a difficult question you will get very little in the > way of answers you can trust a priori. However, if you make a false > claim, then people will come out of the woodwork to tell you that > "You are a doofus and here is why."
That reminds me of the Linux device driver for /dev/random and /dev/urandom. We know it is highly reliable, because it is used for a wide range of critical applications, and nobody would use it if it weren't reliable. Users -- as well as kernel developers -- are all keenly aware of how much modern cryptography depends on random numbers ... and how much security depends on attention to detail. We know it is a "strong" RNG, because it says so, right at the top of the file, the drivers/char/random.c file. Therefore there is no need for anybody to review the code, let alone measure its performance under real-world conditions. I'm sure the driver was written by highly proficient cryptographers, and subjected to a meticulous code review. There is no way the code could have bugs that waste entropy. There is no way the code could have bugs that waste buffer capacity, degrading the response to peak demand. There is no way a variable could be used with one undocumented meaning and then used with a different undocumented meaning a few lines later. There is no way anybody would ever create a PRNG with no lower bound on how often it gets reseeded. I haven't looked at the code -- heaven forbid -- but it "must" be well commented, in accordance with the high standards found throughout the kernel. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography