> In addition, the notion of "entropy being consumed" is obsolete (if it was e$
Oh, it most certainly was, and is, a valid notion.  It may currently appear that the state of the art in PRNGs is good enough that you can stream unlimited amounts of key material once you have enough entropy on hand, but it will not remain so forever.  History repeatedly teaches us that "always" and "forever" never are, perhaps especially in cryptography.  (It wasn't all that long ago that a Vigenère cipher was the ultimate in unbreakable cryptography.)  Getting rid of the notion of consumable entropy now will just mean someone needs to reimplement it in the future, when the state of the art once again becomes such that the state-inferrers have the advantage.

> Do we have an implementation that does these things?  It's critical to have $

Only those that use cryptography, and even then only those so sloppily designed that they (a) have no fallback for systems that don't export a strong random-number interface and (b) trust that interface to perform up to its advertised design specs.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
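The two policies being argued over above, as a runnable toy model.  This is an added example, not code from the poster or from any real kernel: EntropyAccountingPool models the "consumable entropy" design (every byte handed out debits the pool's estimate, and a read that would overdraw it refuses, the way a blocking /dev/random does), while SeededStream models the "seed once, stream forever" design (a keyed PRF with a counter that never debits anything).  The class names, the 4096-bit pool cap, the 256-bit seeding threshold and the SHA-256/HMAC constructions are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from typing import Optional


class EntropyAccountingPool:
    """Toy model (assumption, not a real kernel pool) of consumable-entropy
    accounting: inputs credit an estimate, outputs debit it, and a read that
    would overdraw the estimate returns None instead of bytes (i.e. blocks)."""

    POOL_CAP_BITS = 4096  # illustrative cap on the credited estimate

    def __init__(self) -> None:
        self._state = hashlib.sha256(b"toy-pool-init").digest()
        self.entropy_bits = 0

    def credit(self, sample: bytes, estimated_bits: int) -> None:
        """Mix a sample into the state and credit the caller's estimate of
        how many unpredictable bits it carried."""
        self._state = hashlib.sha256(self._state + sample).digest()
        self.entropy_bits = min(self.entropy_bits + estimated_bits,
                                self.POOL_CAP_BITS)

    def read(self, nbytes: int) -> Optional[bytes]:
        """Hand out nbytes, debiting 8 bits each; refuse if the pool would
        be overdrawn.  Each block ratchets the state so it cannot be rolled
        back from the output."""
        needed = nbytes * 8
        if self.entropy_bits < needed:
            return None  # the blocking case
        self.entropy_bits -= needed
        out = b""
        while len(out) < nbytes:
            self._state = hashlib.sha256(self._state + b"out").digest()
            out += self._state
        return out[:nbytes]


class SeededStream:
    """Toy model of the 'seed once, stream without limit' design: once a
    seed of SEED_THRESHOLD_BITS has been obtained, output is HMAC-SHA256 of a
    counter under that key.  Nothing is ever debited, so the security of
    every later byte rests entirely on the PRF and the secrecy of the key."""

    SEED_THRESHOLD_BITS = 256  # assumption: minimum seed size accepted

    def __init__(self, seed: bytes) -> None:
        if len(seed) * 8 < self.SEED_THRESHOLD_BITS:
            raise ValueError("seed too short")
        self._key = seed
        self._counter = 0

    def read(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            block = hmac.new(self._key, self._counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            self._counter += 1
            out += block
        return out[:nbytes]


def run_demo() -> dict:
    """Exercise both designs and return the observations as a dict."""
    pool = EntropyAccountingPool()
    result = {"empty_pool_refuses": pool.read(1) is None}

    pool.credit(b"constructed timing sample", 128)  # constructed input
    key16 = pool.read(16)
    result["accounting_gives_16_bytes"] = key16 is not None and len(key16) == 16
    result["bits_left_after_16_bytes"] = pool.entropy_bits  # 128 - 128 = 0
    result["overdraw_refused"] = pool.read(1) is None

    pool.credit(b"constructed interrupt sample", 256)
    seed = pool.read(32)  # debits the remaining 256 bits
    result["bits_left_after_seed"] = pool.entropy_bits  # 0 again
    stream = SeededStream(seed)
    result["stream_gives_1MiB"] = len(stream.read(1 << 20)) == (1 << 20)

    # The stream is fully determined by its seed: an attacker who infers
    # the key state reproduces every byte, which is the risk the poster
    # says entropy accounting exists to hedge against.
    replay = SeededStream(seed)
    result["stream_is_deterministic"] = replay.read(64) == SeededStream(seed).read(64)
    return result
```

The point the model makes concrete: the accounting pool is honest about running dry (two refusals in the demo) at the cost of blocking, whereas the seeded stream never blocks but also never regains anything once its 32-byte key is known, which is exactly the trade the thread is weighing.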