X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:to:from:subject:mime-version
	:content-type; q=dns; s=default; b=KveTp7zNI4bXhS8iqwkKtQQrdmfBw
	Yj8CbQMRyr9vYCws4A07vsikAi7Bjg51n9vs62FjP1kHw3NA3gC/K/OtqUrej4km
	Yrj/JrtQDWnCbSvwOtBepTFe70kfgHhuE94Zic8I2N6Y+ANG5m2sp0p0LyQnL+PI
	0y2t6e+serZlac=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:to:from:subject:mime-version
	:content-type; s=default; bh=s3h++PgIWhEvH4sm8KmZInX67I8=; b=oG4
	29jVlZvP2240d/mi+NCSr+/9wYqRSd4oZA7hJmoRUVyWYhHgA64oUJVBJ0OjUy87
	TxU6dSh0lGEddRcI7I1tebrfej2nKbKgN5frx86UGJ7uVn0jD8NpASNab0JR21s7
	pLnMW3O6agB3l90LynrfIC4hLs1wQqNMngvfBOhI=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=2.3 required=5.0 tests=AWL,BAYES_50,SPF_FAIL autolearn=no version=3.3.2
X-HELO: mx.binnacle.cx
Message-Id: <6.2.5.6.2.20130918150156.03a25770@binnacle.cx>
Date: Wed, 18 Sep 2013 15:02:41 -0400
To: cygwin@cygwin.com
From: starlight.2013z3@binnacle.cx
Subject: /dev/random does not block, emits poor entropy
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: -1 () ALL_TRUSTED
Received-SPF: pass (mx.binnacle.cx: 172.29.87.10 is whitelisted by SPF-milter whitelist entry)

I see that CryptGenRandom() does not appear
to have parameters to detect or control
the quality of entropy.

So possibly the correct solution to this
issue would be to eliminate

    /dev/random

and just leave

    /dev/urandom

in place.  'openssl' apparently uses /dev/urandom.

If someone needs to fake /dev/random they
can create a symbolic link for it,
knowing the risks they might be taking.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple