There's plenty of randomness for 99.99% of all computers, the remaining ones can easily get some hardware entropy-source, for example one based on the soundcard as you suggest. /dev/urandom is actually a lot STRONGER than sha, because it does use whatever real entropy is available, and while sometimes low enough that /dev/random would block, it is seldom -zero-. Predicting the next number coming out of urandom is similar to predicting the next number coming out of a scheme like this: do: pool = sha(pool) output(pool) Which would perhaps be doable if sha was severly broken. But there's an added complication: Every once in a while, some -real- entropy from whatever source enters the pool via the rough equivalent of: pool = sha(pool xor real-random-data) This should mess things up enough that -even- if sha is severly broken, predicting the sequence is, essentailly, impossible. Our editor is rigth: If you are generating a keypair to use for a decade, by all means, use real randomness. If you are doing anything less, use urandom and forget about it.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds