Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.dougwise.org!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!tudelft.nl!txtfeed1.tudelft.nl!dedekind.zen.co.uk!zen.net.uk!hamilton.zen.co.uk!reader02.news.zen.co.uk.POSTED!not-for-mail
From: Nobody <nobody@nowhere.com>
Subject: Re: How good is security via hashing
Date: Tue, 07 Jun 2011 22:23:05 +0100
User-Agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)
Message-Id: <pan.2011.06.07.21.22.54.0@nowhere.com>
Newsgroups: comp.lang.python
References: <mailman.2524.1307441917.9059.python-list@python.org> <4d3945c6-6c0b-45e4-9d12-f6f50c09108b@ct4g2000vbb.googlegroups.com> <mailman.2529.1307449692.9059.python-list@python.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Lines: 18
Organization: Zen Internet
NNTP-Posting-Host: 3634afd8.news.zen.co.uk
X-Trace: DXC=DDVW;mUXYGF@iVTTMB<E]OYjZGX^207PK`<MJMoM3PFMHOC`e3S9fY@FJHPa[N739@]X1DQC34TP@30FehBjPbWA
X-Complaints-To: abuse@zen.co.uk
Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:7187

On Tue, 07 Jun 2011 13:27:59 +0100, Robin Becker wrote:

>> If you want the full 16 bytes of unpredictability, why don't you just
>> read 16 bytes from
>> /dev/urandom and forget about all the other stuff?
>
> I have a vague memory that the original author felt that entropy might
> run out or something like that so reading from /dev/urandom always was
> not a good idea.

The problem with /dev/urandom is that it shares the same entropy pool as
/dev/random, so you're "stealing" entropy which may be needed for tasks
which really need it (e.g. generating SSL/TLS keys).

Personally, I'd take whatever "cheap" entropy I can get and hash it.
If you're going to read from /dev/urandom, limit it to a few bytes per
minute, not per request.