
On Fri, 20 Mar 2015 14:20:17 +1300, Bryce Utting wrote:
> Call me paranoid, but doing this by convention would seem vulnerable to attacks that load up /dev/random with known data (or that act on predictions of what a system would write to it). That wouldn't result in easily predictable results from the CSPRNG, but it would lower the entropy and that's surely bad.
No it wouldn't. Or rather, it would only matter on a system where nothing else was contributing to /dev/random. Which would mean you're in trouble, anyway. Remember, the whole point of hashing is that the least little bit of change from whatever source makes the output look quite different. Or, to put it another way, feeding predictable data contributes zero entropy, but it cannot take away from the entropy already there.
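The argument in the reply above can be checked numerically with a toy hash-mixing pool. This is an added illustration written for this thread, not code from the kernel or from either poster: the pool design (state = SHA-256(state || input), output derived by a separate hash) is a deliberately simple stand-in for the real /dev/random mixing, and the "attacker inputs" are constructed values. The point it shows is the one made in the reply: with the same attacker-known data mixed in, pools that differ only in an unknown seed still produce as many distinct outputs as there are seeds, so the known data does not erase existing entropy; only when the seed space is empty (nothing else contributed) does the output become predictable.

```python
import hashlib


def mix(state: bytes, data: bytes) -> bytes:
    """Mix one input into the pool state. Toy construction (assumption):
    the new state is the hash of the old state concatenated with the input."""
    return hashlib.sha256(state + data).digest()


def output(state: bytes) -> bytes:
    """Derive an output from the state via a domain-separated hash so the
    raw state itself is never handed out."""
    return hashlib.sha256(b"out|" + state).digest()


def run_pool(seed: bytes, inputs: list[bytes]) -> bytes:
    """Start from `seed`, mix every input in order, return one output."""
    state = seed
    for d in inputs:
        state = mix(state, d)
    return output(state)


def distinct_outputs(seed_bits: int, attacker_inputs: list[bytes]) -> int:
    """Feed identical attacker-known inputs into pools that differ only in
    `seed_bits` bits of unknown seed, and count the distinct outputs.
    If mixing known data could remove entropy, this count would collapse
    below 2**seed_bits; with hash mixing it stays there (collisions of a
    256-bit hash over a few thousand seeds are negligible)."""
    seen = set()
    for s in range(1 << seed_bits):
        seed = s.to_bytes(32, "big")
        seen.add(run_pool(seed, attacker_inputs))
    return len(seen)


def attacker_can_predict(seed_bits: int, attacker_inputs: list[bytes],
                         true_seed: int) -> bool:
    """An attacker who knows every input but not the seed can only predict
    the output by guessing the seed. Returns True iff a guess of 0 (the
    attacker's best fixed guess when it knows nothing) matches the real
    output, which happens exactly when there is no unknown seed at all."""
    real = run_pool(true_seed.to_bytes(32, "big"), attacker_inputs)
    guess = run_pool((0).to_bytes(32, "big"), attacker_inputs)
    return seed_bits == 0 or real == guess


# Constructed attacker-controlled inputs: a large volume of fully known data.
KNOWN_DATA = [b"A" * 64] * 8

if __name__ == "__main__":
    print("distinct outputs, 12 unknown seed bits:", distinct_outputs(12, KNOWN_DATA))
    print("distinct outputs, 0 unknown seed bits: ", distinct_outputs(0, KNOWN_DATA))
    print("predictable with 12 bits of secret seed:", attacker_can_predict(12, KNOWN_DATA, 2021))
    print("predictable with no secret seed:        ", attacker_can_predict(0, KNOWN_DATA, 0))
```

Reading the two counts together is the whole lesson: 2**12 unknown seed bits survive 512 bytes of attacker-chosen input untouched, while a pool with no independent contribution is predictable regardless of what is mixed in.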