From: Paul Rubin
Newsgroups: comp.lang.python
Subject: Re: How good is security via hashing
References: <4d3945c6-6c0b-45e4-9d12-f6f50c09108b@ct4g2000vbb.googlegroups.com>
Date: Tue, 07 Jun 2011 06:00:59 -0700
Message-ID: <7xsjrl23uc.fsf@ruckus.brouhaha.com>
Organization: Nightsong/Fort GNOX

Robin Becker writes:
> I have a vague memory that the original author felt that entropy might
> run out or something like that so reading from /dev/urandom always was
> not a good idea.

If there is enough entropy to begin with, then /dev/urandom should be
cryptographically strong. The main danger is just after the system
boots and there has not yet been much entropy gathered from physical
events.

> FreeBSD re-uses the entropy, but the end target is Solaris so I'm not
> really sure about the details of /dev/urandom.

No idea about Solaris. Another area of danger these days is virtual
hosts, since their I/O may be completely simulated. They are not
certified for payment card processing, mostly for that reason.
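
An added example, not part of the original post: one way to guard against the just-after-boot case described above is to ask the kernel whether its random pool has been seeded before generating a secret. The names `pool_seeded` and `random_token` are hypothetical; the probe relies on Linux's `getrandom()` as exposed by Python 3.6+, and on platforms without it (the thread's Solaris and FreeBSD targets included) it reports "unknown" rather than guessing.

```python
import os


def pool_seeded():
    """Report whether the kernel CSPRNG is seeded.

    Returns True or False when the kernel can tell us, None when it cannot.
    """
    if not hasattr(os, "getrandom"):
        # Not Linux, or an old Python: no non-blocking probe is available.
        return None
    try:
        # With GRND_NONBLOCK, getrandom() raises BlockingIOError instead of
        # waiting when the pool has not been initialised yet (early boot).
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False
    except OSError:
        # For example ENOSYS on an old kernel, or a sandbox denying the call.
        return None


def random_token(nbytes=16, probe=pool_seeded):
    """Return a hex token from os.urandom, refusing if the pool is unseeded.

    `probe` is injectable so the refusal path can be exercised in tests.
    """
    if probe() is False:
        raise RuntimeError("kernel random pool not yet seeded; retry later")
    # An unknown state (None) falls through to os.urandom, which is the
    # best source available on platforms that offer no probe.
    return os.urandom(nbytes).hex()


if __name__ == "__main__":
    print("pool seeded:", pool_seeded())
    print("token:", random_token())
```

A service that starts early in boot, or inside a freshly created virtual machine, can call `random_token` in a retry loop instead of silently minting keys from an unseeded pool.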