> > nobody should really be using srandom, but we provide it and it's a
> > tempting target, so they do. let's give them arandom instead. they'll
> > never know the difference, except it may actually work. :)
>
> I don't like this. If I were generating a particularly high-value key
> (e.g. a long-lived root CA key) then I'd want to use srandom since it
> avoids the weakness of an insufficiently-keyed PRNG.

I believe that srandom is incredibly weak. I would like proof that it is strong.

> I'd have no objection to making /dev/srandom mode 0640 though.

Software will find it, choose it, and then not be able to open it. Then that software will fall back to some astoundingly weak entropy source.

> If anything should go, it should be /dev/random and /dev/urandom.

I think they should all go. As the producer and consumer count of arandom increases, it only gets better and better. Meanwhile, srandom is based on a single pathetic entropy base. And once it has that entropy base loaded in, it keeps it for a very long time until some unsuspecting sucker pulls from it.
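The failure mode raised in the reply above (the program finds a random device, cannot open it, and quietly falls back to something weak) is a property of the consumer, not of the device. The following is an added example of the fail-closed pattern a consumer should use; it is not code from this thread or from OpenBSD. The device path is a parameter because which of /dev/arandom, /dev/urandom or /dev/random exists depends on the system; the default of /dev/urandom in main() and the 32-byte key size are assumptions for the demonstration.

```c
/* Fail-closed reader for a kernel random device. Added example, not OpenBSD
 * code. The device path is a parameter (assumption: the caller knows which
 * device this system provides). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill buf with exactly n bytes read from dev.
 * Returns 0 on success, -1 on failure with errno set. On failure buf is
 * zeroed, so a caller that ignores the return value ends up with an
 * obviously bad key rather than a partially filled or uninitialized one.
 * There is deliberately no fallback: no time(), no pid, no PRNG seeded
 * from a few guessable bits. */
int fill_random(const char *dev, unsigned char *buf, size_t n)
{
    int fd = open(dev, O_RDONLY);
    if (fd == -1) {
        memset(buf, 0, n);          /* open() errno (e.g. ENOENT, EACCES) is preserved */
        return -1;
    }

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r == -1) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: retry */
            int saved = errno;
            close(fd);
            memset(buf, 0, n);
            errno = saved;
            return -1;
        }
        if (r == 0) {               /* EOF from a random device is a failure, not "done" */
            close(fd);
            memset(buf, 0, n);
            errno = EIO;
            return -1;
        }
        got += (size_t)r;           /* short reads are legal; keep going */
    }
    close(fd);
    return 0;
}

/* Sanity helper: true if every byte of buf is zero. */
int is_all_zero(const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

/* Generate an n-byte key from dev. Returns 0 on success, -1 if the device
 * could not be read; the caller must treat -1 as "no key", not as a
 * reason to improvise one. */
int generate_key(const char *dev, unsigned char *key, size_t n)
{
    if (fill_random(dev, key, n) == -1) {
        fprintf(stderr, "cannot read %s: %s; refusing to generate key\n",
                dev, strerror(errno));
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumption for the demo: /dev/urandom unless a device is given. */
    const char *dev = argc > 1 ? argv[1] : "/dev/urandom";
    unsigned char key[32];

    if (generate_key(dev, key, sizeof key) == -1)
        return 1;                   /* fail closed: no key is printed */

    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Run it as `./a.out /dev/arandom` on a system that has that device, or with a mode 0640 device as an unprivileged user, and the program exits non-zero with an EACCES message instead of printing a key derived from the clock.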
