For most of the times this should be sufficient. /dev/random and in
esp. /dev/urandom is just plain security paranoia and kernel bloat
IMHO. /dev/urandom is using the values gathered by /dev/random as a
seed and is mungling them with MD5 to provide a non blocking source
of pseudo random numbers. At least this part could remain compleatly
in the application/shared lib.
For the record, your description of /dev/urandom is completely
inaccurate. /dev/random and /dev/urandom generate random numbers using
exactly the same algorithm; they extract randomness from an entropy pool
and return it to the user. The only difference between /dev/urandom and
/dev/random is that /dev/random will block if the estimate of the amount
of entropy in the pool is insufficient for the amount of random numbers
being requested. /dev/urandom will not block. That is the only
difference, and hence the amount of kernel code necessary to support
/dev/urandom is very small.
The reason why /dev/random is in the kernel is that being able to
extract entropy from the interrupt timings, etc. is best done in the
kernel. /dev/random and /dev/urandom should only be used for
cryptographic purposes, or to seed a pseudo-random number generator.
Anything else is a waste of CPU speeds, since reading from either
/dev/random or /dev/urandom is not fast.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/