Most people (including OpenSSH!) are already using /dev/urandom where
appropriate.
If you care about the difference between /dev/random and /dev/urandom,
then you ought to care about the difference _actually being there_. If
your entropy estimates are not conservative, then your system will
leak entropy faster than it takes it in and then /dev/random and
/dev/urandom will by identical _by definition_.
> This will be backward compatible, and at the same time offers a much
> better randomness for those who care about it. Myself, I read
> 128-bit session keys for multiple, not-so-secure, short connections
> from /dev/random and it would be sad if it runs out of data.
Why would that be sad? It's at least billions of times easier to break
a 128-bit key than to guess the internal state of /dev/urandom, even
if the system has no entropy sources.
> Also, /dev/random may take data from /dev/super-...random until it sucks
> it dry, and then switches to less secure sources. This will guarantee that
> the enthropy of readings is -not worse than-, and for moderate requests is
> much better.
Simple enough:
mv /dev/random /dev/super-random
ln -s /dev/urandom /dev/random
Backward compatible and everything.
-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.." - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/