Hi Kevin,

> I'm not thinking about performance issues, but about the use and possible
> misuse of entropy. I'm not even convinced it's appropriate for Message-ID,
> so I certainly wouldn't like to see it put in a generic function used for
> temp files and message part boundaries.

According to the documents available on the net, entropy is not influenced by consuming random numbers. Entropy is used to constantly (re)seed the PRNG, and if insufficient entropy is present, you might get imperfect random numbers (we don't care much for our purposes). This could happen right after boot. On Linux this is commonly mitigated by seeding with saved random from the previous system run. FreeBSD is reported to wait before emitting random numbers until the entropy level is reached. Both OpenSSL and GnuTLS source /dev/urandom, which doesn't block.

See

Recommendations for Randomness in the Operating System
http://www.cs.columbia.edu/~suman/docs/hotos15recommendations.pdf

/dev/random vs /dev/urandom and are they secure?
https://linuxhint.com/dev_random_vs_dev_urandom/

Myths about /dev/urandom
https://www.2uo.de/myths-about-urandom/

Earlier Kernels

Analysis of the Linux Random Number Generator
https://eprint.iacr.org/2006/086.pdf

"Our study is based on version 2.6.10 of the Linux kernel, which was released on December 24, 2004."

"The /dev/urandom interface, and the kernel interface (get_random_bytes), return any number of pseudo-random bits, according to the request. This difference implies that entropy estimation is important mainly for the /dev/random interface."

An implementation of the Yarrow PRNG for FreeBSD
https://www.usenix.org/legacy/events/bsdcon/full_papers/murray/murray_html/

This (hopefully) is enough to destroy doubts.

Gero
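The kind of generic helper discussed in this message, as an added example that is not code from the thread or from the project: it reads the non-blocking /dev/urandom and turns the bytes into a token usable in a Message-ID, a temp file name or a MIME boundary. The function names `urandom_bytes`, `random_token` and `make_message_id`, the 24-character length and the `<token@host>` layout are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Fill buf from /dev/urandom, which never blocks. Returns 0, or -1 on error. */
int urandom_bytes(unsigned char *buf, size_t len)
{
  int fd = open("/dev/urandom", O_RDONLY);
  if (fd < 0) return -1;
  size_t got = 0;
  while (got < len) {
    ssize_t n = read(fd, buf + got, len - got);
    if (n > 0)
      got += (size_t) n;                 /* short read: ask for the rest */
    else if (n == 0 || errno != EINTR)
      break;                             /* EOF or a real error */
  }
  close(fd);
  return got == len ? 0 : -1;
}

/* nchars random chars + NUL; 64-symbol alphabet, so "& 63" adds no bias. */
int random_token(char *out, size_t nchars)
{
  static const char alphabet[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
  unsigned char raw[64];
  if (nchars > sizeof(raw) || urandom_bytes(raw, nchars) != 0)
    return -1;
  for (size_t i = 0; i < nchars; i++)
    out[i] = alphabet[raw[i] & 63];
  out[nchars] = '\0';
  return 0;
}

/* Assumed Message-ID layout for this example: <24 random chars@host>. */
int make_message_id(char *out, size_t outlen, const char *host)
{
  char tok[25];
  if (random_token(tok, 24) != 0) return -1;
  int n = snprintf(out, outlen, "<%s@%s>", tok, host);
  return (n > 0 && (size_t) n < outlen) ? 0 : -1;
}

int main(void)
{
  char id[128];
  return (make_message_id(id, sizeof(id), "example.org") == 0 && puts(id) >= 0) ? 0 : 1;
}
```

Each character carries 6 bits, so the 24-character token holds 144 bits from the kernel PRNG; the caller gets an error instead of a partial token if the device cannot be read.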