On (2012-07-19 10:25 +1000), Mark Andrews wrote:
The point of the algorithm was to have something which would do a reasonable job in a CPE router without a hardware source of randomness.
In that context it very much makes sense.
It is a "SAMPLE" routine. It is not "YOU MUST DO IT THIS WAY OR ELSE". Anything that meets the requirements of RFC 4086 is fine. /dev/random on my laptop meets the requirements of RFC 4086. I
Good to know. Earlier in this thread, when fully 40b random (the method I've also been using, which I've always thought to be superior to the RFC) was suggested, it was met with a cold shoulder: 'does not follow RFC4086 ... do not use'. I guess I'll keep on using my 40b random instead of 'exactly RFC', and keep verifiability on the wish-list.
--
  ++ytti