20 Mar
2015
20 Mar
'15
1:20 a.m.
Eric Light wrote:
I just happened across this article, recommending that discardable output be redirected to /dev/random instead of just thrown into /dev/null
https://pthree.org/2014/12/07/use-dev-random-instead-of-dev-null/
Looks interesting - keen to hear other thoughts.
Call me paranoid, but doing this by convention would seem vulnerable to attacks that load up /dev/random with known data (or that act on predictions of what a system would write to it). That wouldn't result in easily predictable results from the CSPRNG, but it would lower the entropy and that's surely bad. butting