Re: CONFIG_RANDOM option for 1.99.2

Martin.Dalecki (dalecki@namu23.Num.Math.Uni-Goettingen.de)
Fri, 17 May 1996 09:44:46 +0200 (MET DST)


On Wed, 15 May 1996, Aaron Ucko wrote:

> >What if someone's running in very tight memory (2-4 MB) and for one
> >reason or another doesn't care about crackers (isn't on the net, or
> >just doesn't care about security)? The only feasible thing that the
> >kernel needs good random numbers for is security, and people should
> >have the option to turn that off if the memory and CPU cycles are too
> >critical.
>
> Yes, but nonsecurity-related userspace programs might also want good random
> numbers. Consider a simulation using the Monte Carlo method--pseudorandom
> numbers might produce misleading results.

No, definitely false. Monte Carlo methods are based on *equally distributed*
sequences. They are not based on *random* sequences. That's a subtle
difference! The get_random routine in random.c is sequentializing
pseudo random numbers in the range of 0..255 into bigger ones. This is in
general somehow dangerous in respect of the stochastic properties.

It would interest me if anybody did some serious testing on this topic.

And finally random.c is not as random as you may believe. Start it on an
otherwise not busy machine to see why! Just do cat /dev/random and see
the random numbers coming precisely after any keyboard hit. This isn't
acceptable for any number crunching, since those are mostly programs
which are supposed to run in core and on otherwise idle machines.

In fact it was a Monte Carlo integration, which made me sceptical
about /dev/random or /dev/urandom.

Marcin
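
The distinction drawn in the message above (equidistributed versus random sequences for Monte Carlo integration), as an added example that is not part of the original post or of the kernel's random.c: a quarter-disc area estimate from a fully deterministic 2-D Halton sequence beside the same estimate from a seeded LCG. The function names, the LCG constants, the seed and the point count are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* i-th van der Corput point in the given base: fully deterministic, yet
 * the sequence is equidistributed in [0, 1). */
static double radical_inverse(unsigned long i, unsigned base)
{
    double inv = 1.0 / base, scale = inv, x = 0.0;
    for (; i > 0; i /= base, scale *= inv)
        x += (double)(i % base) * scale;
    return x;
}

/* Seeded 64-bit LCG (Knuth's MMIX constants) mapped to [0, 1). It stands
 * in for "pseudorandom" here; it is not the kernel's generator. */
static double lcg_next(uint64_t *s)
{
    *s = *s * 6364136223846793005ULL + 1442695040888963407ULL;
    return (double)(*s >> 11) / 9007199254740992.0; /* divide by 2^53 */
}

/* Area of the quarter unit disc (exact: pi/4 = 0.785398...) from n points
 * of the 2-D Halton sequence, i.e. van der Corput in bases 2 and 3. */
double quarter_disc_halton(unsigned long n)
{
    unsigned long hits = 0;
    for (unsigned long i = 1; i <= n; i++) {
        double x = radical_inverse(i, 2), y = radical_inverse(i, 3);
        hits += (x * x + y * y <= 1.0);
    }
    return (double)hits / (double)n;
}

/* The same estimate from n pseudorandom points drawn from the LCG. */
double quarter_disc_lcg(unsigned long n, uint64_t seed)
{
    unsigned long hits = 0;
    for (unsigned long i = 0; i < n; i++) {
        double x = lcg_next(&seed), y = lcg_next(&seed);
        hits += (x * x + y * y <= 1.0);
    }
    return (double)hits / (double)n;
}

int main(void)
{
    printf("halton %.6f  lcg %.6f  exact 0.785398\n",
           quarter_disc_halton(10000), quarter_disc_lcg(10000, 1996));
    return 0;
}
```

Both sequences are fully predictable from the index or the seed, which is acceptable for integration and is exactly why neither is usable where the unpredictability of /dev/random is the requirement.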