How good is security via hashing
Nobody
nobody at nowhere.com
Tue Jun 7 17:23:05 EDT 2011
More information about the Python-list mailing list
Tue Jun 7 17:23:05 EDT 2011
- Previous message (by thread): How good is security via hashing
- Next message (by thread): How good is security via hashing
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 07 Jun 2011 13:27:59 +0100, Robin Becker wrote: >> If you want the full 16 bytes of unpredictability, why don't you just >> read 16 bytes from >> /dev/urandom and forget about all the other stuff? > > I have a vague memory that the original author felt that entropy might > run out or something like that so reading from /dev/urandom always was > not a good idea. The problem with /dev/urandom is that it shares the same entropy pool as /dev/random, so you're "stealing" entropy which may be needed for tasks which really need it (e.g. generating SSL/TLS keys). Personally, I'd take whatever "cheap" entropy I can get and hash it. If you're going to read from /dev/urandom, limit it to a few bytes per minute, not per request.
- Previous message (by thread): How good is security via hashing
- Next message (by thread): How good is security via hashing
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list