David Schwartz wrote:
> It's a well-understood term in the art.

You are not a practitioner of the art, David. There are RBGs and
PRBGs but no one uses the term "truly random".

> In fact, it's the same distinction everyone else in this field makes.

No. We know what cryptographically useful random bitstreams are.

> So /dev/random tries to provide truly random numbers while
> /dev/urandom tries to provide only cryptographically-secure
> pseudo-random numbers
>
> This is, in fact, precisely correct. The man page says:

Um, no mention of "truly" random. Ted Ts'o will chime in here...

> A read from the /dev/urandom device will not block waiting for more
> entropy. As a result, if there is not sufficient entropy in the
> entropy pool, the returned values are theoretically vulnerable to a
> cryptographic attack on the algorithms used by the driver.

But you said it was "cryptographically secure" (not a term of art, btw).

> If you don't know anything about an entire field, the least you can do is keep
> your mouth shut.

Good idea, David. You've demonstrated a depth of ignorance that
is truly profound. Time to shut up. I noticed you skipped right over
my citing your claim that RSA is irreversible.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]