>> The Linux /dev/urandom manual page claims that without new entropy the user is "theoretically vulnerable to a cryptographic attack", but (as I've mentioned in various venues) this is a ludicrous argument—how can anyone simultaneously believe that
>> - we can't figure out how to deterministically expand one 256-bit secret into an endless stream of unpredictable keys (this is what we need from urandom), but
>> - we can figure out how to use a single key to safely encrypt many messages (this is what we need from SSL, PGP, etc.)?
I prefer DJB's blog on this: https://blog.cr.yp.to/20140205-entropy.html
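To make the quoted point concrete, here is an added example (my own toy code, not DJB's and not the Linux kernel's generator): one PRF, HMAC-SHA256 run in counter mode, is used both to expand a single 256-bit seed into an unbounded stream of output and, with a per-message nonce mixed into the input, as a stream cipher that encrypts many messages under one key. If the expansion on the "generator" side were predictable, the identical construction on the "cipher" side would leak keystream too. The labels, the 12-byte nonce length and the seed value in the usage section are my assumptions for the demo; the cipher here is unauthenticated and is an illustration of the argument, not a replacement for os.urandom or a real AEAD.

```python
import hashlib
import hmac

SEED_BYTES = 32   # one 256-bit secret
NONCE_BYTES = 12  # assumed fixed nonce size so label || nonce || counter never collides


def prf_block(key: bytes, label: bytes, index: int) -> bytes:
    """One 32-byte block of PRF output: HMAC-SHA256(key, label || 64-bit counter)."""
    return hmac.new(key, label + index.to_bytes(8, "big"), hashlib.sha256).digest()


def prf_stream(key: bytes, label: bytes, n: int) -> bytes:
    """Expand `key` into exactly n bytes by running the PRF in counter mode under `label`."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += prf_block(key, label, i)
        i += 1
    return bytes(out[:n])


class SeededGenerator:
    """Deterministic generator: a 256-bit seed, unbounded output, no reseeding.

    Output is byte-for-byte the stream prf_stream(seed, b"generator", ...),
    regardless of how the caller chunks its requests.
    """

    def __init__(self, seed: bytes):
        if len(seed) != SEED_BYTES:
            raise ValueError("seed must be exactly 256 bits")
        self._key = seed
        self._ctr = 0            # next PRF block index
        self._buf = bytearray()  # generated but not yet handed out

    def random_bytes(self, n: int) -> bytes:
        while len(self._buf) < n:
            self._buf += prf_block(self._key, b"generator", self._ctr)
            self._ctr += 1
        out, self._buf = self._buf[:n], self._buf[n:]
        return bytes(out)


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Same PRF as the generator, domain-separated by b"cipher" || nonce.

    XOR with the keystream; decryption is the same call. No integrity check,
    so this is illustration only, not a usable cipher.
    """
    if len(key) != SEED_BYTES or len(nonce) != NONCE_BYTES:
        raise ValueError("key must be 256 bits and nonce 96 bits")
    keystream = prf_stream(key, b"cipher" + nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


if __name__ == "__main__":
    seed = bytes(range(SEED_BYTES))  # constructed seed; a real one comes from the OS
    gen = SeededGenerator(seed)
    keys = [gen.random_bytes(32) for _ in range(3)]
    print("three keys from one seed:", [k.hex()[:16] for k in keys])
    msg = b"attack at dawn"
    c1 = stream_encrypt(seed, b"\x00" * NONCE_BYTES, msg)
    c2 = stream_encrypt(seed, b"\x01" + b"\x00" * 11, msg)
    print("same key, two nonces:", c1.hex(), c2.hex())
    print("roundtrip:", stream_encrypt(seed, b"\x00" * NONCE_BYTES, c1))
```

The two "how can anyone believe" halves of the quote map onto `SeededGenerator` and `stream_encrypt`: both are nothing more than `prf_stream` under a different label, which is the whole of the argument.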