On Tue, 07 Jun 2011 13:27:59 +0100, Robin Becker wrote: >> If you want the full 16 bytes of unpredictability, why don't you just >> read 16 bytes from >> /dev/urandom and forget about all the other stuff? > > I have a vague memory that the original author felt that entropy might > run out or something like that so reading from /dev/urandom always was > not a good idea.
The problem with /dev/urandom is that it shares the same entropy pool as /dev/random, so you're "stealing" entropy which may be needed for tasks which really need it (e.g. generating SSL/TLS keys). Personally, I'd take whatever "cheap" entropy I can get and hash it. If you're going to read from /dev/urandom, limit it to a few bytes per minute, not per request. -- http://mail.python.org/mailman/listinfo/python-list