From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <4ef85060c676ccc031ac92c171b73155@quintile.net> From: "Steve Simon" Date: Fri, 10 Apr 2009 11:25:02 +0100 To: 9fans@9fans.net In-Reply-To: <20090410084102.GG4823@masters6.cs.jhu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] exportfs security question Topicbox-Message-UUID: d9481fa0-ead4-11e9-9d60-3106f5b1d025 > truerand() returns (at most) 32 bits of entropy, which gets pushed into > srand() and then 32 bits of entropy are read back out... why not just use > truerand() directly? This bit I know, truerand() reads /dev/random (see cons(1)) and can only generate "a few hundred bits per second". rand is pretty good (I think) but it is predictable, by seeding it from truerand() the predictability is avoided. -Steve.