On Mon, Jun 13, 2011 at 17:07, Akira Tanaka <akr / fsij.org> wrote:
> I think securerandom_opensslfree.diff is too radical for this issue.
> It may decrease working platforms.

Agreed. Your fix is nice. We should have been aware of that. Thanks.

> However concrete advantage/disadvantage between OpenSSL and /dev/urandom is interesting.
> (portability, randomness quality, performance, ...)

On Linux, /dev/urandom seems to return  the values which are
"theoretically vulnerable to a cryptographic attack on the algorithms
used by the driver" (from man page). I though it returns shorter bytes
than expected. I was wrong.

And using /dev/urandom every time consumes too much entropy that OS
has, so /dev/random users would not like it. We should avoid using
/dev/urandom every time on the env w/o OpenSSL in the future.

Regards,
// NaHi