Weird pop3d hang problem (fd blocked?!)
foobar at intter.net
Tue Jun 10 12:05:43 EDT 2003
On Thu, 5 Jun 2003, John Alton Tamplin wrote:
> And in particular you may not want to do this if you are generating RSA
> private keys or equivalent on a machine that anyone else may have shell
> access to.
Yes in theory,
The /dev/random device is suitable for use when very high quality
randomness is desired (e.g. for key generation), as it will
only return a maximum of the number of bits of randomness (as estimated by
the random number generator) contained in the entropy pool.
The /dev/urandom device does not have this limit, and will return as many
bytes as are requested. As more and more random bytes are requested
without giving time for the entropy pool to recharge, this will result in
lower quality random numbers. For many applications, however, this
the returned values are theoretically vulnerable to aryptographic attack
on the algorithms used by the driver. Knowledge of how to do this is not
available in the current non-classified literature, but it is theoretically
possible that such an attack may exist. If this is a concern in your
application, use /dev/random instead.
See word *theoretically* , didn't urandom gather some data from
network-interfaces too so it may be affected. Nobody knows when it takes
data from device nr X.
/dev/urandom appeared in solaris since version8 (patch). random's
device-number is 8 while urandom's is 9. What about if there is
config-option for this device?
++Titus | Veli Pirttila
More information about the Info-cyrus