2011/6/4 Jonathan Lundell <jlund...@pobox.com>
> The change treats read-only urandom the same as non-existent urandom, for > warning purposes. Is that the intent? > > Also, I wonder if it wouldn't be a good policy to unconditionally use local > randomness (the seeded random) and mix in urandom randomness if available. > That would help to guard against a bad urandom implementation that behaved > (wrt read/write) normally. > > that seems to be a very good idea. with that, all who doesn't have access to /dev/urandom on host could use local urandom at least.
