31 Dec
2004
31 Dec
'04
12:21 a.m.
Timo Sirainen wrote:
I thought /dev/urandom didn't affect /dev/random? Guess I was wrong. Or is this Linux?
Yes, it is Linux.
I guess I could add random_weak_fill() function which they use, which would basically call just rand().
I think that'd be enough for temporary files, wouldn't it?
Other things that use randomness are non-plaintext authentication mechanisms, maybe most importantly APOP, which if enabled reads 16 bytes for every POP3 login even if it's not using APOP.
That's ok, it only happens once a while, that is what we have the random pool for. I just think that depleting it for just a few temporary files is a bit overkill (I don't think you really need very good randomness for that)
johannes