On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote: > And exactly that is the concern from organizations like BSI. Their > cryptographer's concern is that due to the volume of data that you can > extract from /dev/urandom, you may find cycles or patterns that increase > the probability to guess the next random value compared to brute force > attack. Note, it is all about probabilities. So don't use /dev/urandom if you don't like the behaviour. Breaking all existing application because of a certification is simply not an option. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html