Jim Choate wrote:
> > PRNG output is fixed/repeatable too - that is a property you *want* from a
> > PRNG.
>
> No it isn't. You -want- a RNG but you can't have one. Nobody -wants- a
> PRNG, they -settle- for it.
That is nearly true for crypto applications, but it certainly isn't for some others. E.g., if you're debugging simulation software, you may need to be able to make the PRNG produce repeatable output by giving it the same seed on every run. For crypto, it is absolutely clear that you need a true RNG for some things, if only for seeding and re-seeding a PRNG, and that using a PRNG introduces one more thing that could contain dangerous weaknesses. Given a well-designed PRNG, though, it is not clear that there's any real benefit to using a true RNG instead. If you're generating 128-bit session keys, there is no practical difference between using the true RNG directly and using a good PRNG with, say, a 256-bit key.
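The two uses of "seeded" output argued about above can be shown side by side. The following is an added example written for this page, not code from either poster: a deterministic PRNG seeded for repeatable debugging runs, and a cryptographic generator keyed with 256 bits drawn from the OS true RNG and then used for 128-bit session keys. The class name `HmacDrbg` and the helper names are my own; the construction is a simplified version of the HMAC_DRBG generator from NIST SP 800-90A (no personalisation string, no reseed counter), and the seeded `random.Random` stands in for a simulation's PRNG.

```python
import hashlib
import hmac
import os
import random


def reproducible_stream(seed: int, n: int) -> list:
    """Debugging-style use of a PRNG: the same seed gives the same output on
    every run, so a failing simulation can be replayed.  random.Random is a
    Mersenne Twister and is not a cryptographic generator; it is used here
    only for the 'repeatable output' case."""
    rng = random.Random(seed)
    return [rng.randrange(0, 1_000_000) for _ in range(n)]


class HmacDrbg:
    """Simplified HMAC_DRBG (SP 800-90A) over HMAC-SHA-256, written for this
    example.  The 256-bit seed comes from a true RNG; everything after that is
    deterministic, which is exactly the property the seed must protect."""

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits")
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed)

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # HMAC_DRBG_Update: fold provided data into K and V.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided)
        self.V = self._hmac(self.K, self.V)
        if provided:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided)
            self.V = self._hmac(self.K, self.V)

    def generate(self, nbytes: int) -> bytes:
        # HMAC_DRBG_Generate: chain V through HMAC, then update the state so
        # earlier output cannot be reconstructed from a later state.
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update()
        return out[:nbytes]

    def reseed(self, fresh_entropy: bytes) -> None:
        # Re-seeding from the true RNG is the other place it is required.
        self._update(fresh_entropy)


def new_drbg_from_os_rng() -> HmacDrbg:
    """Seed the deterministic generator with 256 bits from the OS true RNG."""
    return HmacDrbg(os.urandom(32))


def session_key_from_os_rng() -> bytes:
    """128-bit session key taken straight from the true RNG."""
    return os.urandom(16)


def session_key_from_drbg(drbg: HmacDrbg) -> bytes:
    """128-bit session key taken from the seeded generator instead."""
    return drbg.generate(16)


if __name__ == "__main__":
    print(reproducible_stream(42, 3) == reproducible_stream(42, 3))  # repeatable
    drbg = new_drbg_from_os_rng()
    print(session_key_from_os_rng().hex(), session_key_from_drbg(drbg).hex())
```

Run twice, the first line is `True` both times while the two keys change on every run: the simulation case wants the seed fixed, the crypto case wants the seed to be the one thing that is never fixed. Both key sources give 16 fresh bytes a caller cannot tell apart, which is the poster's point about a well-seeded PRNG versus the true RNG.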