Marko Rauhamaa <ma...@pacujo.net> writes:

> It is also correct that /dev/urandom depletes the entropy pool as
> effectively as /dev/random.

I think I see what's confusing you: the above is a misconception that is probably held by lots of people. Entropy is not water, and from a cryptographic standpoint there is essentially no such thing as "depleting" an entropy pool. There is either enough entropy (say 256 bits or more) in the PRNG or else there isn't. If there's not enough, urandom can misbehave by giving you bad output because it doesn't block until more is gathered. If there is enough, /dev/random misbehaves by blocking under this bogus concept of "depletion". If you have a seed with 256 bits of entropy and you generate a gigabyte of random numbers from it, you have not increased the predictability of the seed in any significant way. So once /dev/random unblocks, it should never again block, which is the behavior of getrandom.

There used to be an article on David Wagner's web site (cs.berkeley.edu/~daw) about the concept of "depleting" entropy by iterated hashing, but I can't find it now. That's unfortunate since it might help cast light on the subject.

>> http://www.2uo.de/myths-about-urandom/

> Already addressed.

No really, all you've done is repeat bad advice. The people cited in that article are very knowledgeable and the stuff they say makes good mathematical sense. The stuff you say makes no sense and you haven't given any convincing reason for anyone to listen to you.

-- 
https://mail.python.org/mailman/listinfo/python-list
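The "seed once, expand forever" point made in the post, as an added example that is not part of the thread: a 256-bit seed is fetched with getrandom (which blocks only until the kernel pool has been initialised once) and then expanded deterministically with HMAC-SHA256 in counter mode, the way a userspace CSPRNG would; the fixed seed value in the code is constructed for reproducibility.

```python
import hashlib
import hmac
import os

SEED_BYTES = 32  # 256 bits of entropy is all the generator ever needs


def os_seed(nbytes=SEED_BYTES, wait=True):
    """Fetch a seed from the kernel CSPRNG.

    On Linux, os.getrandom() blocks only until the pool has been
    initialised once at boot and never again, which is the behaviour the
    post describes. With wait=False the GRND_NONBLOCK flag is used instead
    and None is returned while the pool is still uninitialised, so a
    caller can report "not yet seeded" rather than hang or read weak bytes.
    Other platforms fall back to os.urandom(), which never blocks.
    """
    if hasattr(os, "getrandom"):
        flags = 0 if wait else os.GRND_NONBLOCK
        try:
            return os.getrandom(nbytes, flags)
        except BlockingIOError:  # pool not initialised yet (early boot)
            return None
    return os.urandom(nbytes)


def expand(seed, nbytes):
    """Derive nbytes of output from one 256-bit seed.

    Block i is HMAC-SHA256(seed, i); nothing about the seed is consumed,
    so the output can be made as long as wanted. Recovering the seed from
    any amount of output is as hard as inverting HMAC-SHA256, which is
    why producing a gigabyte does not "deplete" the 256 bits.
    """
    if len(seed) != SEED_BYTES:
        raise ValueError("seed must be exactly 256 bits")
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


if __name__ == "__main__":
    # Constructed fixed seed so the stream is reproducible when run by hand;
    # a real generator would use os_seed() instead.
    stream = expand(bytes(range(SEED_BYTES)), 1 << 20)  # 1 MiB from 32 bytes
    print(hashlib.sha256(stream).hexdigest())
```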