Quoting Linus Torvalds <torvalds@transmeta.com>:
> Be realistic. This is what I ask of you. We want _real_world_ security,
> not a completely made-up-example-for-the-NSA-that-is-useless-to-anybody-else.
>
> All your arguments seem to boil down to "people shouldn't use /dev/random
> at all, they should use /dev/urandom".
Wouldn't it be much easier to ask -very few- people (GnuPG/SSL/SSH teams
primarily) to use /dev/super-reliable-mathematically-proven-random if
available, instead of asking a much larger crowd to hack their code? This
will be backward compatible, and at the same time offers a much better
randomness for those who care about it. Myself, I read 128-bit session
keys for multiple, not-so-secure, short connections from /dev/random and
it would be sad if it runs out of data.
Also, /dev/random may take data from /dev/super-...random until it sucks
it dry, and then switch to less secure sources. This will guarantee that
the entropy of readings is -not worse than-, and for moderate requests is
much better.
Dmitri
-- 
16. The Evil Overlord will not risk his life to save yours. Why risk
yours for his?
("Evil Overlord" by Peter Anspach and John VanSickl)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
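
The "drain the strong source, then switch to a less secure one" idea from the message above, as a userspace sketch. This is an added example, not code from the original post or from the kernel; the names `mixed_read` and `demo_split` are hypothetical, and a non-blocking pipe with constructed contents stands in for the strong pool. It reports how many bytes came from the strong source, so the caller can see when a key was only partly filled from it.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Fill buf[0..len) from strong_fd (must be O_NONBLOCK) until it has nothing
 * more to give, then take the remainder from fallback_fd.
 * Returns the number of bytes taken from the strong source, or -1 on error. */
long mixed_read(int strong_fd, int fallback_fd, unsigned char *buf, size_t len)
{
    size_t got = 0, strong;
    while (got < len) {
        ssize_t n = read(strong_fd, buf + got, len - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        break;              /* EAGAIN (pool dry), EOF, or error: stop draining */
    }
    strong = got;
    while (got < len) {
        ssize_t n = read(fallback_fd, buf + got, len - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        return -1;          /* the fallback source must never run dry */
    }
    return (long)strong;
}

/* Constructed harness: a non-blocking pipe holding `avail` placeholder bytes
 * stands in for the strong pool; /dev/urandom is the fallback (assumption). */
long demo_split(size_t avail, size_t want)
{
    unsigned char pool[64] = {0}, key[64];
    int p[2], ur;
    long r;
    if (avail > sizeof pool || want > sizeof key || pipe(p) != 0) return -1;
    fcntl(p[0], F_SETFL, O_NONBLOCK);
    if (avail && write(p[1], pool, avail) != (ssize_t)avail) return -1;
    ur = open("/dev/urandom", O_RDONLY);
    r = (ur < 0) ? -1 : mixed_read(p[0], ur, key, want);
    close(p[0]); close(p[1]); if (ur >= 0) close(ur);
    return r;
}

int main(void)
{
    printf("16-byte key, 5 strong bytes available: %ld from strong source\n",
           demo_split(5, 16));
    return 0;
}
```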