On Tue, Aug 29, 2017 at 12:40:48PM +0200, Thomas Schmitt wrote:
> Hi,
>
> Zenaan Harkness wrote:
> > I should have wrote "/dev/random should be treated as though it is
> > the input feed to /dev/urandom" (sorry about that).
>
> But that it isn't. The myth model says that it would be.
Which myth?
I can't see the myth in my words that you say is debunked - if you're
clear on it, please quote the myth.
> But the
> other quite credible info says that its output stems from the pseudo
> random number generator which is a ChaCha20 encryptor with changing key,
> if i got it right.
Exactly which part of my sentence above, do you say contradicts what
you say just here?
(If you going to say such things, please quote - for the life of me I
cannot see the contradiction you're talking about!)
> As naive user with no special knowledge about ChaCha20 i would prefer
> to get raw random,
Your preference is not relevant to the security of the result, but
you acting on your naive preference may well reduce the security, and
or the usability, of whatever software you are using.
> not a strongly obfuscated but still diluted result.
^^^^^^^^^^^^^^^^^^^^^^^^
Yes, your naivety shines through.
This is not the place to gain a deep understanding of
cryptographically secure random numbers - there are plenty of good
books, and also plenty of good sources on the web.
If you want to comprehend the significance of your naivety, find the
number of molecules in the universe, and then work out roughly how
many bits (i.e. as a power of two number) are needed to store that,
and then compare this to the number of bits of entropy Ts'o talked
about.
Seriously. As in, without doing this basic experiment, you're going
down completely non-productive rabbit holes, trying to achieve a
simplistic understanding of something that's not at all simple, and
without spending the necessary effort to learn about the maths,
the magnitudes and the other characteristics of these algorithms you
proclaim to be interested in.
There is no shortcut sorry.
Good luck, and enjoy your journey :)
