Nelson Bolyard wrote:
> With entropy seeding, the more the merrier.
> You can't really have too much.

On the other hand, why make apps and users jump through hoops to add more if it isn't needed? It seems rather dysfunctional to have a cryptographic RNG that's just going to pass the buck to the caller. [Which leads to more opportunities to do something wrong.]

> I don't know what your program is or what platform it runs on, but on
> Linux you could always just get more from /dev/urandom.

Why should the app need to do this? If NSS needs more entropy at some point, it should read from /dev/[u]random itself.

> It's been a long time since someone asked this question. I think our
> standard answer, long ago, was that NSS's built-in entropy seeding,
> which happens only once on startup, is OK for low value temporal keys,
> but for high value long-lived keys, we recommend getting more entropy.

Perhaps the entropy gathering in NSS could be simplified now, since modern Unix (and Windows, I assume) platforms include this as part of the OS...

Justin
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
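
What the application-side top-up from /dev/urandom discussed in this message involves when done carefully, as an added example that is not code from the thread or from NSS. The `seed_fn` callback, `read_urandom`, `reseed_from_urandom` and `demo_seed` are hypothetical names; in an NSS program the callback would wrap the library's own seeding call, `PK11_RandomUpdate`.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical callback standing in for the crypto library's seeding call. */
typedef int (*seed_fn)(const void *data, size_t len);

/* Read exactly len bytes from /dev/urandom: 0 on success, -1 otherwise. */
int read_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    size_t got = 0;
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;          /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                  /* interrupted by a signal: retry */
        else
            break;                     /* EOF or hard error: fail closed */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Fetch len (1..64) bytes, pass them to seed, then wipe the local copy. */
int reseed_from_urandom(seed_fn seed, size_t len)
{
    unsigned char buf[64];
    volatile unsigned char *p = buf;
    int rc = -1;
    if (len == 0 || len > sizeof buf) return -1;
    if (read_urandom(buf, len) == 0)
        rc = seed(buf, len);           /* never seed with a partial buffer */
    for (size_t i = 0; i < sizeof buf; i++)
        p[i] = 0;
    return rc;
}

/* Constructed stand-in seeder: only counts the bytes it was handed. */
static size_t seeded_bytes;
static int demo_seed(const void *data, size_t len)
{ (void)data; seeded_bytes += len; return 0; }

int main(void)
{
    return reseed_from_urandom(demo_seed, 32) == 0 ? 0 : 1;
}
```

The short-read loop, the EINTR retry and the refusal to seed from a partial buffer are the details each caller has to get right when the library leaves reseeding to the application.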