Werner wrote:
> On Tue, 17 Dec 2002 13:36:21 +0100, Gaël Le Mignot said:
>> And /dev/urandom is not really done for "cryptographic secure" randomness,
>> it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses

> That is not really true. The common implementations of /dev/[u]random
> for *BSD and Linux use only one entropy pool and the only difference
> between random and urandom is that urandom never blocks on low
> entropy but continues to yield random bytes using a pseudo random
> number generator (i.e. hashing the pool again). So, as long as enough
> entropy is available both devices can be considered equal.

This is the current implementation, yes, but /dev/urandom doesn't guarantee
anything about the "quality" of the random bits. It can be secure, but it can
be pseudo-random too, and any program that uses /dev/urandom as a secure source
of random bits is flawed, so there is absolutely no problem, IMHO, to use the
current random translator for /dev/urandom.

--
Gael Le Mignot "Kilobug" - [EMAIL PROTECTED] - http://kilobug.free.fr
GSM : 06.71.47.18.22 (in France)
ICQ UIN : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA
Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
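
A simplified model of the single-pool design described in the quoted text above, added here as an illustration; it is not code from this thread or from any kernel. The class and method names, the use of SHA-256, the entropy accounting and the modelling of blocking as a short read are all assumptions.

```python
import hashlib

class OnePoolModel:
    """Toy model: one shared pool, one entropy estimate, two read paths."""

    def __init__(self):
        self.pool = b"\x00" * 32   # shared pool state
        self.entropy_bits = 0      # estimate of unpredictable bits mixed in

    def add_entropy(self, sample: bytes, credited_bits: int) -> None:
        # Mix the sample into the pool and credit the estimate.
        self.pool = hashlib.sha256(self.pool + sample).digest()
        self.entropy_bits += credited_bits

    def _extract(self, n: int) -> bytes:
        # Output is a hash of the pool; the pool is then re-hashed under a
        # different label so an output block does not reveal the next state.
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.pool).digest()
            self.pool = hashlib.sha256(b"next" + self.pool).digest()
        return out[:n]

    def read_random(self, n: int) -> bytes:
        # Blocking device, modelled as a short read: hand out only as many
        # bytes as the entropy estimate currently covers.
        n = min(n, self.entropy_bits // 8)
        self.entropy_bits -= 8 * n
        return self._extract(n)

    def read_urandom(self, n: int) -> bytes:
        # Never blocks: debit the estimate down to zero and keep hashing.
        self.entropy_bits = max(0, self.entropy_bits - 8 * n)
        return self._extract(n)

def demo():
    a, b = OnePoolModel(), OnePoolModel()
    for model in (a, b):
        model.add_entropy(b"constructed sample input", 128)
    same = a.read_random(16) == b.read_urandom(16)  # estimate covers the read
    starved_random = a.read_random(16)              # estimate is now zero
    starved_urandom = b.read_urandom(16)            # still yields bytes
    return same, len(starved_random), len(starved_urandom)

if __name__ == "__main__":
    print(demo())
```

In this model the two read paths share `_extract` and differ only in how they react to the estimate, so the point of disagreement in the thread is whether bytes produced after the estimate reaches zero should be relied on.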