On Sun, Apr 29, 2018 at 04:32:05PM +0200, Pavel Machek wrote: > Hi! > > > This is why ultimately, we do need to attack this problem from both > > ends, which means teaching userspace programs to only request > > cryptographic-grade randomness when it is really needed --- and most > > of the time, if the user has not logged in yet, you probably don't > > need cryptographic-grade randomness.... > > IOW moving them from /dev/random to /dev/urandom? > Pavel > > -- > (english) http://www.livejournal.com/~pavelmachek > (cesky, pictures) > http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
/dev/urandom isn't cryptographically secure, so that's not an option.
