Hi,

Curt wrote:
> So this is wrong:
> https://www.2uo.de/myths-about-urandom/

Dunno. I took my info from the man page.

This article is, at least at its beginning, very affirmative and sparsely equipped with supporting facts. Mainly "Believe Me!". The author is a proselyte of urandom, as he confesses openly.

Of course, if you are lucky, urandom gives you 8 bits of entropy per byte read. But as all diagrams in the article say: Entropy can be lower and urandom will still hand out the bytes. The whole article is about why this shall not be of concern. Why is the potentially missing stuff considered to be entropy then?

Verifying the statements about the way random and urandom correspond in the Linux kernel would take a few weeks. Why was it changed so often? Further, I'd need to wrap my head around the topic of whether this really yields the properties claimed by the author.

Compared to that, what is the penalty if I do not join the urandom church? I might be doomed to wait a few seconds before my password is generated. Maybe a mass generator of random numbers, which relies on /dev/random against the advice of the man page, will have to wait too. Serves him right.

If I get bored, I can speed it up by doing things on mouse and keyboard. But it's not necessary for me. I just read 5 times 16 bytes. No waiting, no lightning strike from heaven.

Am I stupid to take any risk and reject the offer of the kernel to test my random bytes before I get them? Just because people with undisclosed interests tell me? The term for this is "social engineering".

Have a nice day :)

Thomas