I would prefer that only inputs definitely not controlled by attackers are used, and I'm not sure it can be guaranteed that uninitialized data is not manipulated in some way. There are sources of entropy that are harder to subvert. I think it's better to have less entropy but avoid giving attackers another possibility for exploits.
You don't use enemy's rivets to build your battleships. It may be just little pieces of metal that get a very different shape when used, but never underestimate those who are determined to harm you.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds