

Hardware Random Number Generator Useful - bootload
http://www.foo.be/cgi-bin/wiki.pl/2008-06-23_Hardware_Random_Number_Generator_Useful

======
randombit
The idea presented in this article that /dev/urandom output is predictable is
completely wrong. It is simply not secure from an information-theoretic
perspective: if an attacker had some amount of previous /dev/urandom data, and
no new entropy was introduced into the pool, they could derive future output.
However, it is still cryptographically strong/computationally strong: actually
doing this seems to require knowing how to invert SHA-1, which is apparently a
difficult problem (I believe the best anyone has done is to invert 2 of the 3
rounds of MD4, which is a much weaker hash).

For much the same reason, RSA is not information-theoretically secure (if you
have the public key, you have all the information you need to get the private
key: you 'just' factor the modulus). That does not mean it is insecure, it
just means you must make sure that the computational effort required is
greater than the expected maximum computational effort anyone might expend
(or, preferably, the maximum computational effort that might be feasible
within your security lifetime).
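An added illustration of the distinction drawn in the comment above (example code, not from the page, its author, or the Linux kernel): a toy hash-mixed pool whose state is a short constructed byte string. Holding the state with no fresh entropy determines every future block exactly, whereas from outputs alone the state can only be recovered by inverting the hash, which without a preimage attack means exhaustive search, feasible only because the state here is deliberately tiny.

```python
import hashlib
import itertools
from typing import List, Optional, Tuple

# Toy model (assumption: NOT the Linux pool): the state is a short byte
# string, each output block is SHA-1 over (state || counter), and no new
# entropy is mixed in between outputs.
HASH = hashlib.sha1


def pool_outputs(state: bytes, n: int) -> List[bytes]:
    """Next n blocks of a pool whose state is known and gets no fresh entropy.
    Anyone holding the state reproduces the same sequence: the outputs have
    no information-theoretic secrecy at all."""
    return [HASH(state + i.to_bytes(4, "big")).digest() for i in range(n)]


def recover_state(observed: List[bytes], state_bits: int) -> Tuple[Optional[bytes], int]:
    """The observer's view: only past outputs are known, so recovering the
    state means inverting the hash. Lacking a SHA-1 preimage attack, the only
    route is trying every state; returns (state or None, candidates tried)."""
    if state_bits % 8:
        raise ValueError("state_bits must be a multiple of 8")
    tried = 0
    for candidate in itertools.product(range(256), repeat=state_bits // 8):
        tried += 1
        guess = bytes(candidate)
        # Cheap filter on the first block, then confirm the whole sequence.
        if HASH(guess + (0).to_bytes(4, "big")).digest() == observed[0]:
            if pool_outputs(guess, len(observed)) == observed:
                return guess, tried
    return None, tried


def bruteforce_seconds(state_bits: int, hashes_per_second: float) -> float:
    """Worst-case wall time for the search above: the 'computational effort
    required' the comment says must exceed what anyone could expend."""
    return (2 ** state_bits) / hashes_per_second


if __name__ == "__main__":
    secret_state = b"\x4a\x2f"  # constructed 16-bit state, far too small
    seen = pool_outputs(secret_state, 2)
    found, work = recover_state(seen, 16)
    print(found == secret_state, work)  # True 18992
    # Same computational task at a realistic pool size is out of reach.
    print(bruteforce_seconds(16, 1e6), bruteforce_seconds(256, 1e12))
```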

