>> /dev/urandom depends on the strength of the crypto primitives.
>> /dev/random does not. All it needs is a good uniform hash.
>
> That's not at all clear. I'll go farther: I think it is unlikely
> to be true.
>
> If you want to think about cryptographic primitives being arbitrarily
> broken, I think there will be scenarios where /dev/random is insecure.
>
> As for what you mean by "good uniform hash", I think you'll need to
> be a bit more precise.
Well, you just pointed me to a very nice paper that *makes* it precise:

Boaz Barak, Ronen Shaltiel, and Eran Tromer. True random number generators secure in a changing environment. In Workshop on Cryptographic Hardware and Embedded Systems (CHES), pages 166-180, 2003. LNCS no. 2779.

I haven't worked through all the proofs yet, but it looks to be highly applicable.

>> Do a bit of reading on the subject of "unicity distance".
>
> Yes, I've read Shannon's original paper on the subject, as well
> as many other treatments.

I hope it's obvious that I didn't mean to patronize *you* with such a suggestion! Clearly, you're intimately familiar with the concept, and any discussion can go straight on to more detailed issues. I just hope you'll grant me that understanding the concept is pretty fundamental to any meaningful discussion of information-theoretic security.

> I stand by my comments above.

Cool! So there's a problem to be solved!