The RFC says what it does because the author(s) either must have had a mistaken notion that there are always issues where an entropy source/pool can be consumed and did not want to exacerbate that presumed issue or had notions that there were always significant performance issues using a source of random entropy. This is not the case with /dev/urandom in Linux and the entropy sources in other operating systems that I am aware of. Something is only truly unpredictable when it is from a high quality random source so the statement... "The value of the anti-clogging token MUST be unpredictable and SHOULD NOT be from a source of random entropy." ... contradicts itself. We should look to the intent and purpose of the RFC and the token, not what it says at face value. It is poorly worded and does not explain or justify itself. Regards, Nick _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap