On Sat, 19 Jul 2014, Steven Chamberlain wrote: > Or if we're worried about draining entropy too quickly from the CSPRNG, > a non-privileged user could do that anyway from /dev/urandom, or it may > happen when a server doing crypto work is under stress? Can we please disabuse ourselves of the notion that entropy can be "drained too quickly" (or even drained at all) from the CSPRNG? Once properly seeded, it produces unpredictable bits. Period. It does not matter how many bits are output (well, for achievable quantities of output); the bits are still unpredictable. -Ben _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"