> On Jul 21, 2019, at 4:55 PM, Edgar Fuß <e...@math.uni-bonn.de> wrote:
> 
> 
> TRC> There is no reason in modern cryptography to read more than one byte
> TRC> from /dev/random ever in a single application; once you have done
> TRC> that, or confirmed some other way that the entropy pool is seeded,
> TRC> you should generate keys from /dev/urandom.
> 
> DAH> There should be some way to do that without throwing away 8 random
> DAH> bits.
> Isn't that called poll()/select() etc?
> As far as I understand, it's not about actually reading from /dev/random, 
> but checking whether you could read without blocking, isn't it?

I don't agree with this reasoning.

If /dev/random is implemented right, it won't block later once it unblocks for 
the first time.  Given that, an application that needs a cryptographic random 
number should simply fetch all the bits it needs from /dev/random.

The only reason to read from /dev/urandom is that you want random numbers but 
they don't need to be strong.

If people do these hacks because we still have the "entropy is used up" notion 
in the code, the answer is to remove that.  

        paul
