cvs commit: src/games/fortune/fortune fortune.c
Nate Lawson
nate at root.org
Mon Jul 25 22:37:06 GMT 2005
Matthew D. Fuller wrote:
> On Sun, Jul 24, 2005 at 04:06:02PM +0200 I heard the voice of
> Poul-Henning Kamp, and lo! it spake thus:
>
>>Anyway, back in this universe: We should not stick a lot of stuff
>>into our boot-time scripts, they are slow enough already.
>
>
> If it doesn't consume to much in its testing, it seems a logical
> candidate for one of the nightly or weekly runs.
Unfortunately, it won't actually buy us anything on the security front.
The entropy stored in / used to seed the PRNG has already been run
through SHA-1. And the output of the PRNG is obviously already run
through SHA-1 also. So any automatic test will not be able to
distinguish the quality of the entropy from that of a simple counter.
--
Nate
More information about the cvs-src
mailing list