On Fri, Apr 26, 2013 at 03:16:27PM -0500, Derek Martin wrote: > On Fri, Apr 26, 2013 at 08:57:45PM +0100, Ian Collier wrote: > > On Fri, Apr 26, 2013 at 02:17:49PM -0500, Derek Martin wrote: > > > Using /dev/urandom on systems that have it isn't without its own > > > problems... if your system doesn't have enough entropy, reading from > > > /dev/urandom will block until it does. > > > > On systems with a Linux kernel, /dev/urandom does not block but produces > > lower entropy pseudorandom numbers instead. The /dev/random device > > does block, and is used when full entropy is essential. > > Sorry, yes, you're correct. It's not just Linux... it's basically > every major Unix variant in production today, though > implementations vary. Also: > > http://en.wikipedia.org/wiki//dev/random > > In 2004, Landon Curt Noll, Simon Cooper, and Mel Pleasant > tested a variety of random number generators, including the > /dev/random implementations in FreeBSD 5.2.1, Linux 2.4.21-20, > Solaris 8 patch 108528-18, and Mac OS X 10.3.5.[7] They > indicated that none of these /dev/random implementations were > cryptographically secure because their outputs had uniformity > flaws.
In regards to Solaris and /dev/random, read https://blogs.oracle.com/yenduri/entry/dev_random_in_solaris. Solaris 8 is very old news. As an aside, I know that Solaris 11 provides mkstemp(), mkstemps() and tmpfile() any of which I'd like to see used by mutt. Perhaps use of one of these functions by mutt could be #ifdef'ed depending on whether configure finds it supported on the platform it's run on? -- Will Fiveash
