
Randomness in Linux - adtac
http://juho.tykkala.fi/Randomness-in-Linux
======
Tomte
The author is mistaken, of course.

But what I find fascinating is this: "Some versions of man page random(4)
states usage limitations while some other versions effectively does not."

For years we've been lamenting the misleading man pages, and now when they
have been fixed, people dismiss the _correct ones_ because scary sounding is
better, I guess.

------
nabla9
This is not correct, of course.

One 256-bit sample of entropy from hardware can be expanded into an endless
stream of unpredictable keys. The whitening and cryptographic pseudorandomness
give security that is indistinguishable from true randomness; the entropy pool is
needed just to seed the process.

The only case for /dev/random would be break-in recovery security. If someone has
momentary access to the internal state of the RNG just before /dev/urandom is
called, they can predict the output of /dev/urandom that comes next until the
entropy pool is updated. But if someone is able to do that, generating random
numbers is probably the least of your problems.
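The seed-expand-reseed shape described in the comment above, as an added example that is not part of this thread and is not the Linux kernel's generator: a toy HMAC-based DRBG (hypothetical construction, class and function names are assumptions) is seeded from 256 bits, expanded into a long stream, and a snapshot of its state is shown to predict output only until a reseed mixes in fresh entropy.

```python
import hashlib
import hmac
import os


class ToyDrbg:
    """Simplified HMAC-based generator for illustration only (hypothetical).
    Same shape as a real CSPRNG: seed once, expand indefinitely, reseed to
    recover after state compromise. Not the Linux kernel's CRNG."""

    def __init__(self, seed: bytes) -> None:
        if len(seed) < 32:
            raise ValueError("need at least 256 bits of seed entropy")
        # Whitening: the raw hardware sample is hashed into a fixed-size state.
        self.state = hashlib.sha256(b"init|" + seed).digest()

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            # Output block and next state use distinct labels; the old state is
            # overwritten so earlier output cannot be recovered from a later state.
            out += hmac.new(self.state, b"output", hashlib.sha256).digest()
            self.state = hmac.new(self.state, b"next", hashlib.sha256).digest()
        return bytes(out[:n])

    def reseed(self, fresh_entropy: bytes) -> None:
        # Mixing in new entropy is what cuts off an attacker holding the old state.
        self.state = hashlib.sha256(b"reseed|" + self.state + fresh_entropy).digest()

    def snapshot(self) -> bytes:
        # Models "momentary access to the internal state" from the comment.
        return self.state


def clone_from_snapshot(state: bytes) -> "ToyDrbg":
    clone = ToyDrbg.__new__(ToyDrbg)
    clone.state = state
    return clone


def demo() -> dict:
    gen = ToyDrbg(os.urandom(32))   # stand-in for one 256-bit hardware sample
    gen.random_bytes(4096)          # a long stream from that single seed
    leaked = clone_from_snapshot(gen.snapshot())
    before = gen.random_bytes(64) == leaked.random_bytes(64)   # predictable
    gen.reseed(os.urandom(32))      # "entropy pool is updated"
    after = gen.random_bytes(64) == leaked.random_bytes(64)    # no longer
    return {"predicted_before_reseed": before, "predicted_after_reseed": after}
```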

