The search for truly random numbers in the kernel
Posted Sep 20, 2013 20:00 UTC (Fri) by gmaxwell (guest, #30048)
In reply to: The search for truly random numbers in the kernel by ikm
Parent article: The search for truly random numbers in the kernel
SSH does, at least on some systems. If this is advisable or not is another question.
When long-term secrets are used for signing with DSA then whatever argument for /dev/random there was in the first place also really applies to the nonce generation, since weak nonces will leak the private key.
To some extent there is pressure on developers to use the "more secure" thing so long as it exists. No one wants to be wearing the dunce cap for some massive security compromise.
But it would be nice if there were enough space in the pool that it wasn't quite so much of a trap.
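
The DSA nonce point above, as an added example that is not part of the original comment: an audit that flags signatures sharing an `r` value (the same nonce `k`), plus the algebra showing why one such pair determines the private key. The group parameters, key, nonces and digests are constructed toy values; in a group this small distinct nonces can collide in `r`, so the sample nonces were picked to avoid that, whereas at real parameter sizes an equal `r` means an equal `k` with overwhelming probability.

```python
# Toy DSA group, constructed for illustration only (far too small for real use).
P, Q, G = 607, 101, 64      # Q is prime and divides P-1; G has order Q mod P

def sign(x, k, h):
    """DSA signature (r, s) on digest h with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s

def verify(y, h, r, s):
    """Standard DSA verification against public key y = G^x mod P."""
    w = pow(s, -1, Q)
    v = pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def find_reused_nonces(sigs):
    """Audit a list of (digest, r, s): return index pairs that share r."""
    first_seen, pairs = {}, []
    for i, (_, r, _) in enumerate(sigs):
        if r in first_seen:
            pairs.append((first_seen[r], i))
        else:
            first_seen[r] = i
    return pairs

def key_from_reuse(sig_a, sig_b):
    """Why a flagged pair is a key compromise, not a warning.

    s1 - s2 = k^-1 * (h1 - h2) mod Q, so k follows from public values,
    and then x = (s1 * k - h1) / r mod Q.
    """
    (h1, r, s1), (h2, _, s2) = sig_a, sig_b
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h1) * pow(r, -1, Q) % Q

# Constructed sample data: digests are small integers already reduced mod Q.
X = 57                                   # constructed private key
SIGS = [(45, *sign(X, 33, 45)),          # nonce 33
        (70, *sign(X, 20, 70)),          # nonce 20, independent
        (12, *sign(X, 33, 12))]          # nonce 33 again: the failure

if __name__ == "__main__":
    for a, b in find_reused_nonces(SIGS):
        print("shared r in signatures", a, b,
              "-> key derivable:", key_from_reuse(SIGS[a], SIGS[b]) == X)
```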