tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /dev/random is hot garbage

> In addition, the notion of "entropy being consumed" is obsolete (if it was e$

Oh, it most certainly was, and is, a valid notion.  It may currently
appear that the state of the art in PRNGs is good enough that you can
stream unlimited amounts of key material once you have enough entropy
on hand, but it will not remain so forever.  History repeatedly teaches
us that "always" and "forever" never are, perhaps especially in
cryptography.  (It wasn't all that long ago that a Vignière cipher was
the ultimate in unbreakable cryptography.)

Getting rid of the notion of consumable entropy now will just mean
someone needs to reimplement it in the future, when the state of the
art once again becomes such that the state-inferrers have the

> Do we have an implementation that does these things?  It's critical to have $

Only those that use cryptography, and even then only those so sloppily
designed that they (a) have no fallback for systems that don't export a
strong random-number interface and (b) trust that interface to perform
up to its advertised design specs.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index