On 11/18/2010 01:40 PM, Arno Wagner wrote: >> I think it is not only about starved situations, thats just practical >> impact of using this interface. >> Ipsec need to set key too and cannot wait for entropy. > > It has to. No entropy - no security. The entropy does not > nee to be "fresh", but it needs to be there. Maybe I said it wrong - RNG of course must be seeded (using entropy). But this is in initialisation phase. It must wait forever here if there is no entropy. But once seeded, it should produce strong enough stream of data, optionally mixed with environmental noise. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
