Re: monitoring entropy

Ingo Molnar (mingo@pc7537.hil.siemens.at)
Wed, 15 Oct 1997 18:08:01 +0100 (MET)


On Wed, 15 Oct 1997, Colin Plumb wrote:

> The important thing is that it's information only in a Shannon sense.
> Once you pass 4096 bits of output, it's theoretically possible to
> derive the hidden internal state. It's just not remotely practicable.
> It's like deriving the key to a cipher from the cipher output. Even with
> a huge amount of output, a good cipher prevents you deriving the key.

isn't it so that generating enough ciphertext gives away the key after some
time? I'm no cryptography dude, but I did read about the 'black box'
attack, when you have a DES (government) hardware box, and you can pass it
any known text; this way recovery of the internal state is much easier
than a full search.

in a sense, the /dev/urandom thing is basically a black-box interface to
some secret key.

Think about it. We cannot generate an infinite amount of random output based
on a finite amount of random input. I.e. the output won't be random. The more
output you give, the more information you expose, isn't it so?

-- mingo