Subject: Re: *why* /dev/rnd?
To: John F. Woods <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 10/13/1997 22:13:06
> I also note that, although the code makes grand promises about not
> releasing any information about its entropy sources, the fact that it
> can block waiting for more entropy gives out low-quality information
> about how active the system is... (Not, of course, that there aren't
> already hundreds of ways this information is already leaked.)
If you're worrying about covert channels of this form in NetBSD you
have far too much time on your hands..