<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 7, 2017 at 7:16 AM, Daniel Franke <span dir="ltr"><<a href="mailto:dfoxfranke@gmail.com" target="_blank">dfoxfranke@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div id="gmail-:2f2" class="gmail-a3s gmail-aXjCH gmail-m1597611b46ec31a6">In any case, please *don't* switch to reading from /dev/random, or<br>
monitoring /proc/sys/kernel/random/<wbr>entropy_avail, or any similar hack.<br>
The notion that it's ever possible to "run out" of entropy once the<br>
pool has been seeded with an adequate quantity is based on an<br>
insidious misunderstanding of how CSPRNGs work.</div></blockquote></div><br></div><div class="gmail_extra">Thank you.<br><br></div><div class="gmail_extra">On the supposed disadvantages of /dev/urandom , and why no true cryptographer would use /dev/urandom, I cite:<br><a href="http://www.2uo.de/myths-about-urandom/#experts">http://www.2uo.de/myths-about-urandom/#experts</a><br clear="all"><div><div class="gmail_signature"><br></div><div class="gmail_signature">(The page summarizes, at length, the issues involved.)<br></div><div class="gmail_signature"><br>-- <br>Sanjeev Gupta<br>+65 98551208     <a href="http://www.linkedin.com/in/ghane" target="_blank">http://www.linkedin.com/in/ghane</a></div></div>
</div></div>